CVE & Exploit Intelligence Database

CVE-2007-6085 1 PoC Analysis EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_chat module.

CWE-79 Nov 22, 2007

CVE-2007-6054 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.

CWE-79 Nov 20, 2007

CVE-2007-6055 1 PoC Analysis EPSS 0.08

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date.

CWE-79 Nov 20, 2007

CVE-2007-6037 1 PoC Analysis EPSS 0.11

Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.

CWE-79 Nov 20, 2007

CVE-2007-6002 EPSS 0.01

Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.

CWE-79 Nov 15, 2007

CVE-2007-5993 1 PoC Analysis EPSS 0.04

Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter.

CWE-79 Nov 15, 2007

CVE-2007-5990 EPSS 0.01

Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website parameters to register.php.

CWE-79 Nov 15, 2007

CVE-2007-6003 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Nov 15, 2007

CVE-2007-6001 1 PoC Analysis EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.

CWE-79 Nov 15, 2007

CVE-2007-5977 EPSS 0.01

Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.

CWE-79 Nov 15, 2007

CVE-2007-5982 2 PoCs Analysis EPSS 0.02

Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.

CWE-79 Nov 15, 2007

CVE-2007-5985 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.

CWE-79 Nov 15, 2007

CVE-2007-5980 EPSS 0.01

Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

CWE-79 Nov 15, 2007

CVE-2007-5979 1 PoC Analysis EPSS 0.15

Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.

CWE-79 Nov 15, 2007

CVE-2007-5983 1 PoC Analysis EPSS 0.10

Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

CWE-79 Nov 15, 2007

CVE-2007-4698 EPSS 0.01

Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.

CWE-79 Nov 15, 2007

CVE-2007-3694 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

CWE-79 Nov 14, 2007

CVE-2007-5955 EPSS 0.01

Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Nov 14, 2007

CVE-2007-5950 EPSS 0.01

Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.

CWE-79 Nov 14, 2007

CVE-2007-5952 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Nov 14, 2007