| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter. |
| Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. |
| Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter. |
| Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php. |
| Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment. |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action. |
| Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScripts EsNews 1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to inject arbitrary web script or HTML via the city parameter in a search action. NOTE: some of these details are obtained from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227. |
| Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry. |
| The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. |
| Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php, and the PATH_INFO to (3) include_forum.php. |
| Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter. |
| Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
