Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-18 | CVE-2007-4959 | Cross-Site Scripting vulnerability in Jelsoft Oscmax 2.0.0Rc301 Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
| 2007-09-18 | CVE-2007-4958 | Cross-Site Scripting vulnerability in Tinywebgallery 1.6.3.4 Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. | 4.3 |
| 2007-09-18 | CVE-2007-4945 | Cross-Site Scripting vulnerability in Jasmine Technologies Lettergrade Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar. | 4.3 |
| 2007-09-18 | CVE-2007-4929 | Cross-Site Scripting vulnerability in Axis 207W Network Camera Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors. | 4.3 |
| 2007-09-17 | CVE-2007-4917 | Cross-Site Scripting vulnerability in PHP-Stats 0.1.9.2 Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334. | 4.3 |
| 2007-09-17 | CVE-2007-4912 | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8. | 4.3 |
| 2007-09-14 | CVE-2007-4900 | Cross-Site Scripting vulnerability in RSA Envision 3.3.6Build0115 Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field. | 4.3 |
| 2007-09-14 | CVE-2007-4899 | Cross-Site Scripting vulnerability in Berkeley Boinc Forum Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3) bodies search. | 4.3 |
| 2007-09-14 | CVE-2007-4896 | Cross-Site Scripting vulnerability in Toms-Seiten.At Toms Gastenbuch 1.00/1.01 Multiple cross-site scripting (XSS) vulnerabilities in admin/header.php in Toms Gaestebuch 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang[adminseite], (2) lang[ueberschrift], or (3) einst[metachar] parameter, different vectors than CVE-2007-4711. | 4.3 |
| 2007-09-14 | CVE-2007-4883 | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828. | 4.3 |