Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.
Max CVSS
4.3
EPSS Score
0.22%
Published
2008-12-31
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.19%
Published
2008-12-31
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2008-12-31
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter.
Max CVSS
4.3
EPSS Score
0.25%
Published
2008-12-31
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Max CVSS
4.3
EPSS Score
0.37%
Published
2008-12-30
Updated
2017-09-29
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.26%
Published
2008-12-30
Updated
2017-08-08
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.
Max CVSS
4.3
EPSS Score
0.62%
Published
2008-12-30
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.26%
Published
2008-12-30
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.13%
Published
2008-12-30
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
Max CVSS
3.5
EPSS Score
0.09%
Published
2008-12-30
Updated
2018-10-11
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message.
Max CVSS
4.3
EPSS Score
0.25%
Published
2008-12-26
Updated
2017-08-08
Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php.
Max CVSS
4.3
EPSS Score
0.22%
Published
2008-12-26
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.
Max CVSS
4.3
EPSS Score
0.27%
Published
2008-12-26
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2008-12-26
Updated
2009-02-18
Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.19%
Published
2008-12-26
Updated
2009-02-18
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.
Max CVSS
4.3
EPSS Score
0.25%
Published
2008-12-19
Updated
2012-06-07
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
Max CVSS
4.3
EPSS Score
0.33%
Published
2008-12-19
Updated
2018-10-11
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Max CVSS
4.3
EPSS Score
0.19%
Published
2008-12-17
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Max CVSS
4.3
EPSS Score
0.25%
Published
2008-12-17
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.25%
Published
2008-12-16
Updated
2017-09-29
Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php.
Max CVSS
4.3
EPSS Score
0.41%
Published
2008-12-15
Updated
2018-10-11
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
Max CVSS
4.3
EPSS Score
0.67%
Published
2008-12-15
Updated
2018-10-11
Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Max CVSS
4.3
EPSS Score
0.35%
Published
2008-12-15
Updated
2017-09-29
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design.
Max CVSS
4.3
EPSS Score
0.16%
Published
2008-12-12
Updated
2024-03-21
Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Max CVSS
4.3
EPSS Score
0.15%
Published
2008-12-12
Updated
2018-10-11
786 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!