Plugins: CGI abuses : XSS

phpMyAdmin 4.1.x < 4.1.14.1 / 4.2.x < 4.2.4 Navigation Hiding Items Multiple XSS (PMASA-2014-3)

phpMyAdmin 4.2.x < 4.2.4 Recent/Favorite Table Navigation Multiple XSS (PMASA-2014-2)

MediaWiki < 1.19.16 / 1.21.10 / 1.22.7 'Special:PasswordReset' XSS

McAfee Web Gateway < 7.1.0.5 / 7.1.5.2 XSS

Blackboard Learning System <= 8.0 SP6 Unspecified XSS

Juniper ScreenOS < 5.4.0r10 / 6.0 < 6.0.0r6 / 6.1 < 6.1.0r2 Web Interface and Telnet Login Pages XSS (JSA10388)

Splunk '/en-US/app/' Referer Header XSS

Puppet Enterprise Multiple XSS Vulnerabilities

Puppet Dashboard Multiple XSS Vulnerabilities

MediaWiki < 1.21.9 / 1.22.6 InfoAction.php XSS

Symantec Messaging Gateway 10.x < 10.5.2 Management Console XSS (SYM14-006)

Atmail Webmail 6.6.x < 6.6.3 / 7.x < 7.0.3 File Name Parameter XSS

Atmail Webmail < 6.5.0 'DOM processor' Cross-Site Scripting

Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' Cross-site Scripting

FortiWeb 5.x < 5.1.0 XSS

FortiWeb 5.x < 5.0.4 XSS

FortiOS 5.x < 5.0.6 XSS

FortiMail < 4.3.4 / 5.0.0 Multiple XSS

Liferay Portal 6.2.0 CE GA1 Multiple XSS

IBM WebSphere Portal 8.0.0.1 CF11 Multiple XSS

IBM WebSphere Portal Themes Unspecified XSS

IBM WebSphere Portal Web Content Viewer Portlet XSS

EMC RSA Authentication Manager 7.x < 7.1 SP4 Patch 32 Unspecified XSS

Better WP Security Plugin for WordPress Multiple XSS

Splunk < 5.0.8 Unspecified XSS

DotNetNuke (DNN) < 7.2.2 Unspecified XSS

phpMyAdmin 3.x >= 3.3.1 / 4.x < 4.1.7 import.php XSS (PMASA-2014-1)

ASUS Routers flag Parameter XSS

CoSoSys Endpoint Protector < 4.4.0.1 Unspecified XSS

Zimbra Collaboration Server aspell.php dictionary Parameter XSS

JForum jforum.page start Parameter XSS

Synology DiskStation Manager < 4.3-3776 Update 3 info.cgi Multiple Parameters XSS

HP Autonomy Ultraseek 5 Unspecified XSS

Oracle Containers for J2EE Component Unspecified XSS

Novell Identity Manager Roles Based Provisioning Module taskId XSS

RomPager HTTP Referer Header XSS

Splunk < 5.0.6 Unspecified XSS

Juniper Junos EmbedThis AppWeb error Parameter XSS

Drupal Google Site Search Module API Data Handling XSS

Joomla! 2.5.x < 2.5.16 / 3.x < 3.1.6 Multiple Cross-Site Scripting Vulnerabilities

Dell iDRAC6 / iDRAC7 Login Page ErrorMsg Parameter XSS

Cisco Prime LAN Management Solution Cross-Frame Scripting

SecurityCenter devform.php message Parameter XSS

Moodle external.php badge Parameter XSS

DotNetNuke __dnnVariable Parameter XSS

Joomla! libraries/idna_convert/example.php lang Parameter XSS

Cisco Prime Network / Wireless Control System Health Monitor Reflected XSS

VLC Web Interface XML Services XSS

McAfee ePolicy Orchestrator < 4.6.7 Multiple XSS

phpMyAdmin 4.x < 4.0.3 XSS (PMASA-2013-6)

Plone spamProtect mailaddress Parameter XSS

Citrix AGEE Logon Portal Unspecified XSS

Gallery 3.0.x < 3.0.8 Multiple XSS

Novell ZENworks Configuration Console Login.jsp language Parameter XSS

DotNetNuke 7.0.x < 7.0.6 Unspecified Modal Window XSS

Securimage example_form.php XSS

DotNetNuke Language Flag Selector Culture XSS

e107 content_preset.php URI XSS

HP Managed Printing Administration < 2.7.0 XSS

phpMyAdmin 3.5.x < 3.5.8 tbl_gis_visualization.php Multiple XSS

Traffic Analyzer Plugin for WordPress ta_loaded.js.php aoid Parameter XSS

Sophos Web Protection Appliance end-user-/errdoc.php msg Parameter XSS

Cerb Multiple Vulnerabilities

MantisBT 1.2.x < 1.2.14 adm_config_report.php Multiple Parameter XSS

McAfee Vulnerability Manager cert_cn Parameter XSS

CKEditor sample_posteddata.php XSS

PHP-Fusion forum/viewthread.php highlight Parameter XSS

LogAnalyzer asktheoracle.php query Parameter XSS

MoinMoin rsslink() Function page_name Parameter XSS

Bugzilla show_bug.cgi id Parameter XSS

MantisBT search.php match_type Parameter XSS

LogAnalyzer userchange.php viewid Parameter XSS

Incapsula Component for Joomla! token Parameter Multiple XSS

Joomla! 2.5.x < 2.5.7 Multiple XSS

ManageEngine AssetExplorer Asset Data XSS

Horde IMP js/compose-dimp.js XSS

HP LaserJet Cross-Site Scripting Vulnerability

Dell OpenManage Server Administrator index_main.htm DOM-based XSS

Slideshow Plugin for WordPress settings.php Multiple Parameter XSS

Zenphoto Verisign_logon.php redirect Parameter XSS

Wordfence Plugin for WordPress email Parameter XSS

Dell OpenManage Server Administrator omalogin.html DOM-based XSS

Symphony Password Retrieval Script XSS

ManageEngine SupportCenter Plus HomePage.do fromCustomer Parameter XSS

ManageEngine OpStor availability730.do days Parameter XSS

WANem index-advanced.php XSS

phpMyAdmin 3.5.x < 3.5.3 Multiple Vulnerabilities (PMASA-2012-6 - PMASA-2012-7)

Poweradmin index.php XSS

MediaWiki index.php uselang Parameter XSS

Atlassian Confluence VelocityServlet Error Page XSS

MDaemon WorldClient < 12.5.7 Multiple Cross-site Scripting Vulnerabilities

LogAnalyzer index.php highlight Parameter XSS

LogAnalyzer index.php filter Parameter XSS

SquidClamav clwarn.cgi url Parameter XSS

phpMyAdmin 3.4.x < 3.4.11.1 / 3.5.x < 3.5.2.2 Multiple XSS (PMASA-2012-4)

Scrutinizer < 9.5.2 exporters.php XSS

Horde Kronolith js/kronolith.js Multiple View XSS

Nagios XI < 2011R1.9 login.php XSS

Nagios XI < 2011R3.0 Multiple XSS Vulnerabilities

Apache Struts2 struts2-showcase edit-person.action Persistent XSS

Apache Struts struts2-rest-showcase orders clientName Parameter Persistent XSS

Apache Struts struts-examples upload-submit.do theText Parameter XSS

Apache Struts struts-cookbook processSimple.do message Parameter XSS

Novell GroupWise WebAccess User.interface XSS

Elgg index.php view Parameter XSS

MailEnable ForgottenPassword.aspx Username Parameter XSS

Pretty Link Plugin for WordPress pretty-bar.php url Parameter XSS

Liferay Portal upload_progress_poller.jsp XSS

Sharebar Plugin for WordPress sharebar-admin.php status Parameter XSS

Apache OFBiz Webslinger Component XSS

phpMyAdmin Replication Setup js/replication.js Database Name XSS

McAfee WebShield UI dashboard XSS

Symantec Web Gateway timer.php XSS (SYM12-006)

Moodle MSA-11-0007 coursetags_more.php XSS

IBM Tivoli Directory Server Web Administration Tool Unspecified XSS

Dolibarr Multiple Script URI XSS

Dolibarr 3.1.0 admin/company.php username Parameter XSS

McAfee WebShield UI ProcessTextFile bodyStyle Parameter XSS

Zenphoto 404 Error Page XSS

phpMyAdmin 3.4.x < 3.4.10.1 Cross-Site Scripting (PMASA-2012-1)

phpLDAPadmin lib/QueryRender.php base Parameter XSS

Oracle WebCenter Content idc/idcplg Multiple Parameter XSS

Oracle WebCenter Content Help Component Cross-Site Scripting

Oracle Fusion WebLogic Server Component WLS-Console Management Interface Unspecified XSS

Symantec Endpoint Protection Manager TestConnection.jsp 'Msg' Parameter XSS (SYM11-009 & SYM12-001)

SimpleSAMLphp logout.php link_href Parameter XSS

Cacti < 0.8.7g Multiple Cross-Site Scripting and HTML Injection Vulnerabilities

phpMyAdmin 3.4.x < 3.4.9 Cross-Site Scripting (PMASA-2011-19 - PMASA-2011-20)

ManageEngine ServiceDesk Plus 8.0.0 < Build 8015 Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin 3.4.x < 3.4.8 Cross-Site Scripting (PMASA-2011-18)

ManageEngine ADSelfService EmployeeSearch.cc Cross-Site Scripting

Adobe Flex SDK Cross-Site Scripting (APSB11-25)

phpMyAdmin 3.4.x < 3.4.6 Cross-Site Scripting (PMASA-2011-16)

MODx < 2.0.3-pl modahsh Parameter XSS

phpMyAdmin 3.4.x < 3.4.5 Cross-site Scripting (PMASA-2011-14)

Phorum 5.2.x < 5.2.17 'control.php' 'real_name' Cross-site Scripting

OpenAdmin Tool for Informix informixserver Parameter XSS

phpMyAdmin 3.3.x / 3.4.x < 3.3.10.4 / 3.4.4 Cross-site Scripting (PMASA-2011-13)

Sitecore CMS 'default.aspx' Cross-Site Scripting

Apache Hadoop Jetty XSS

CGI Generic Script Injection (quick test)

CGI Generic Cross-Site Scripting (extended patterns)

HP OpenView Performance Insight sendEmail.jsp XSS

MS11-061: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250) (uncredentialed check)

jCart 1.1 my-item-name POST Parameter XSS

Oracle Secure Backup Administration Server login.php XSS

Mambo task Parameter XSS

Movable Type mt-comments.cgi static Parameter XSS

MDaemon WorldClient < 12.0.3 Summary Page Email Subject XSS

Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)

Mailman < 2.1.14 Multiple XSS

IceWarp install/index.html lang Parameter Cross-Site Scripting

HP SiteScope XSS

Atlassian Confluence 2.x >= 2.7 / 3.x < 3.4.9 Multiple Cross-Site Scripting Vulnerabilities

Atlassian Confluence 2.x >= 2.7 / 3.x < 3.4.6 Multiple Cross-Site Scripting Vulnerabilities

MediaWiki API XSS

MediaWiki Backslash Escaped CSS Comments XSS

MyBB xmlhttp.php value Parameter XSS

IBM Lotus Sametime Server stconf.nsf messageString Parameter XSS

CGI Generic Cross-Site Scripting (persistent, 3rd Pass)

MySQL Eventum forgot_password.php XSS

MediaWiki CSS Comments XSS

CGI Generic Cross-Site Scripting (Parameters Names)

Adobe ColdFusion login.cfm Query String XSS (APSB11-04)

PRTG Network Monitor login.htm errormsg Parameter XSS

Moodle PHPCOVERAGE_HOME Parameter XSS

Crystal Reports Server InfoView logonAction Parameter XSS

CGI Generic Cross-Site Scripting (persistent, 2nd pass)

Pligg register.php reg_username Parameter XSS

phpMyAdmin error.php BBcode Tag XSS (PMASA-2010-9)

Git gitweb Multiple Parameter XSS

Openfire Admin Console login.jsp XSS

Twitter Feed for WordPress Plugin url Parameter XSS

MODx login.php 'username' Parameter XSS

FeedList Plugin for WordPress i Parameter XSS

cformsII Plugin for WordPress rs Parameter XSS

YUI charts.swf / swfstore.swf / uploader.swf XSS

Atlassian FishEye Code Metrics Report Plugin XSS

MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) (remote check)

MantisBT nusoap/nusoap.php NuSOAP WSDL XSS

Nagios XI < 2009R1.3C grab_request_var() Multiple XSS

Nagios XI < 2009R1.3B Multiple Unspecified XSS

SurgeMail surgeweb Cross-Site Scripting

TikiWiki 'tiki-edit_wiki_section.php' type Parameter XSS

Mura CMS link Parameter XSS

Atmail WebMail < 6.2.0 (6.20) 'MailType' Parameter XSS

phpMyAdmin setup.php Verbose Server Name XSS (PMASA-2010-7)

Horde util/icon_browser.php subdir Parameter XSS

CGI Generic HTML Injections (quick test)

FuseTalk usersearchresults.cfm keyword Parameter XSS

FuseTalk categories.aspx FTVAR_SORTORDER Parameter XSS

Oracle BPM Process Administrator tips.jsp context Parameter XSS

MediaWiki profileinfo.php 'filter' Parameter XSS

VMware vCenter Update Manager XSS

Nessus Web Server XSS

CGI Generic Cross-Site Scripting (comprehensive test)

Pligg search.php search Parameter XSS

FireStats window-add-excluded-ip.php 'edit' parameter XSS

Tomcat 4.1 XSS

Apache Tomcat JSP2 Examples XSS

Wing FTP Server < 3.5.1 XSS

Apache Tomcat Implicit Objects XSS

Splunk 4.x < 4.1.3 404 Response XSS

Microsoft SharePoint Services Help.aspx 'cid0' Parameter XSS

TaskFreak! logout.php tznMessage Parameter XSS

PRTG Traffic Grapher login.htm url Parameter XSS

MoinMoin PageEditor.py template Parameter XSS

ManageEngine ADAudit Plus 'reportList' Parameter XSS

ManageEngine ADManager Plus 'computerName' Parameter XSS

Adobe ColdFusion 'cfadminUserId' XSS (APSB10-11)

Resin resin-admin/digest.php XSS

Ektron CMS400.NET 'workarea/reterror.aspx' info Parameter XSS

CGI Generic Cross-Site Scripting (HTTP Headers)

MODx SearchHighlight plugin XSS

Atlassian JIRA 500page.jsp Referer XSS

VMware ESX WebAccess Context Data XSS (VMSA-2010-0005)

ViewVC viewvc.cgi search Parameter XSS

DotNetNuke SearchResults.aspx < 5.3.0 XSS

IBM Multiple Products login.php Query String XSS

SAP BusinessObjects viewError.jsp 'error' Parameter XSS

SilverStripe Forums Module 'Search' Parameter XSS

Mort Bay Jetty Multiple XSS

daloRADIUS login.php error Parameter XSS

ClarkConnect proxy.php url Parameter XSS

TestLink login.php req Parameter XSS

e107 submitnews.php XSS

DotNetNuke SearchResults.aspx < 5.2.0 XSS

GForge help/tracker.php helpname Parameter XSS

Jetty CookieDump.java Sample Application Persistent XSS

Axon Virtual PBX /logon Multiple Parameter XSS

XOOPS misc.php Query String XSS

CGI Generic Cross-Site Scripting (persistent)

PeopleSoft PeopleTools JMS Listening Connector Activity Parameter XSS

ViewVC Invalid Parameter Arbitrary HTML Injection

BuildBot WebStatus waterfall 'branch' Parameter XSS

Adobe ColdFusion <= 8.0.1 Multiple XSS

BASE < 1.4.4 base_local_rules.php dir Parameter XSS

IBM Rational RequisitePro ReqWebHelp Multiple XSS

Symantec SecurityExpressions Audit and Compliance Server Multiple XSS

Lyris ListManager Multiple XSS

Ektron CMS400.NET id Parameter XSS

Orion Application Server Web Examples Multiple XSS

3CX Phone System login.php Multiple Parameter XSS

Oracle Database Secure Enterprise Search search/query/search search_p_groups Parameter XSS

TinyBrowser Multiple Flaws

CommuniGate Pro WebMail < 5.2.15 XSS

IBM Rational ClearQuest Multiple XSS Flaws

Sun Java Web Console helpwindow.jsp / masthead.jsp Multiple XSS

Movable Type mt-wizard.cgi set_static_uri_to Parameter XSS

CGI Generic Cross-Site Scripting (quick test)

Kerio MailServer < 6.6.2 Patch 3 / 6.7.0 Patch 1 XSS (KSEC-2009-06-08-01)

Joomla! < 1.5.11 JA_Purity Template Multiple XSS

DotNetNuke ErrorPage.aspx XSS

Novell GroupWise WebAccess Login Page User.lang Parameter XSS

Sun Java System Calendar Server login.wcap Fmt-out Parameter XSS

AXIGEN Webmail < 7.1.0 HTML Body Script Insertion

SquirrelMail contrib/decrypt_headers.php XSS

Project Woodstock 404 Error Page UTF-7 Encoded XSS

Atmail WebMail <= 5.6.1 (5.61) webadmin/admin.php Multiple Parameter XSS

Atmail WebMail <= 5.6.0 (5.60) Email Body Injection

Apache Struts s:a / s:url Tag href Element XSS

BlackBerry Enterprise Server MDS Connection Service XSS

Atlassian JIRA < 3.13.3 DWR 'c0-id' XSS

SAP DB / MaxDB WebDBM Multiple Parameter XSS

Tomcat Sample App cal2.jsp time Parameter XSS (CVE-2009-0781)

Novell GroupWise < 7.03HP2 / 8.0HP1 WebAccess Multiple XSS

ESET Remote Administrator < 3.0.105 Additional Report Settings XSS

Mono ASP.NET action Attribute XSS

Apache Jackrabbit q Parameter XSS

Apache Roller q Parameter XSS

IceWarp Merak Mail Server < 9.4.0 IMG Tag XSS

Kerio MailServer < 6.6.2 Multiple XSS (KSEC-2008-12-16-01)

WordPress wp-includes/feed.php self_link() Function Host Header RSS Feed XSS

MDaemon WorldClient < 10.0.2 Email Handling XSS

HP System Management Homepage < 2.1.15.210 Unspecified XSS

MailMarshal Spam Quarantine Management (SQM) Multiple Component XSS

CiscoWorks Server Common Services Login Page XSS

Cisco Secure Access Control Server (ACS) CSUserCGI.exe Help Facility XSS

MS Site Server < 3.0 formslogin.asp url Parameter XSS

HP System Management Homepage < 2.1.12 Unspecified XSS

CGIWrap Charset Specification Weakness Error Message XSS

Resin viewfile Servlet file Parameter XSS

Adobe Flex 3 History Management historyFrame.html XSS

Lyris ListManager read/search/results words Parameter XSS

dotCMS search-results.dot search_query Parameter XSS

Xerox DocuShare dsweb Servlet Multiple XSS

Barracuda Spam Firewall cgi-bin/ldap_test.cgi email Parameter XSS

Django Administration Application Login Form XSS

Sun Java System Web Server Search Module XSS

SmarterMail Subject Field XSS

OSSIM Framework session/login.php dest Parameter XSS

BEA Plumtree portal/server.pt name Parameter XSS

ProjectPier index.php Multiple Parameter XSS

F5 BIG-IP Web Management Multiple XSS

Sun Java System Identity Manager Multiple XSS

IceWarp Mail Server admin/index.html message Parameter XSS

Websense Reporting Tools WsCgiLogin.exe username Parameter XSS

NetScaler Web Management ws/generic_api_call.pl standalone Parameter XSS

Mort Bay Jetty Dump Servlet (webapps/test/jsp/dump.jsp) XSS

ht://dig htsearch sort Parameter XSS

ManageEngine OpManager Login.do Multiple Parameter XSS

GForge account/verify.php confirm_hash Parameter XSS

Google Mini Search Appliance search Script ie Parameter XSS

Tomcat Sample App cal2.jsp time Parameter XSS (CVE-2006-7196)

IceWarp Merak Mail Server < 9.0.0 BODY Element XSS

Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS

Joomla! com_content Component (components/com_content/content.php) order Parameter XSS

FuseTalk Multiple Script XSS

Apache MyFaces Tomahawk JSF Application autoscroll Multiple XSS

Tomcat snoop.jsp URI XSS

HP System Management Homepage < 2.1.2 Unspecified XSS

Tomcat Sample App hello.jsp test Parameter XSS

CommuniGate Pro WebMail w/ MSIE STYLE Tag XSS

Horde NLS.php Language Selection new_lang Parameter XSS

ColdFusion MX Null Byte Tag Cross-Site Scripting Protection Bypass

ColdFusion Web Server User-Agent HTTP Header Error Message XSS

CuteNews 1.4.5 Multiple Script XSS

IBM WebSphere Application Server SOAP Connector Error Page XSS

Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS

SAP Internet Transaction Server wgate Multiple Parameter XSS

Web Server Expect Header XSS

Horde < 3.0.11 / 3.1.2 Multiple Script XSS

mvnForum activatemember Multiple Parameter XSS

UBB.threads ubbthreads.php debug Parameter XSS

Pubcookie Login Server index.cgi XSS

ArGoSoft Mail Server Pro Webmail viewheaders Multiple Field XSS

NeoMail neomail.pl sort Parameter XSS

Snitz Forums 2000 post.asp type Parameter XSS

Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS

WebWasher < 4.4.1 Build 1613 Multiple XSS

CubeCart < 3.0.4 Multiple Script XSS

Guppy Multiple HTTP Header XSS

WEBppliance ocw_login_username Parameter XSS

Open WebMail sessionid Parameter XSS

Lotus Domino Multiple Script Src / BaseTarget XSS

phpGroupWare Main Screen Message Body XSS

Greymatter Comment Name Field Control Panel Log XSS

CMSimple Guestbook Module index.php XSS

CMSimple index.php search Function XSS

Sawmill < 7.1.14 GET Request Query String XSS

Dada Mail Archived Message XSS

PHP-Fusion < 6.00.108 BBCode Nested URL Tag XSS

ATutor 1.5.1 Multiple Script XSS

Phorum register.php Username Field XSS

phpMyAdmin < 2.6.4 Multiple XSS

phpGraphy EXIF Data XSS

PhotoPost PHP Pro EXIF Data XSS

Gallery EXIF Data XSS

Coppermine Photo Gallery EXIF Data XSS

BMForum Multiple Script XSS

Ultimate PHP Board 1.9.6 GOLD Multiple Scripts XSS (1)

Ultimate PHP Board 1.9.6 GOLD Multiple Scripts XSS (2)

JAWS Glossary Gadget Multiple XSS

AutoIndex PHP Script index.php search Parameter XSS

Fusebox index.cfm fuseaction Parameter XSS

GForge <= 4.5 Multiple Script XSS

Advanced Guestbook User-Agent Header HTML Injection

Gossamer Threads Links < 3.0.4 Multiple Script XSS

Gossamer Threads Links user.cgi url Parameter XSS

Novell GroupWise WebAccess Email IMG SRC XSS

SiteMinder 5.5 Multiple Script XSS

MediaWiki Page Move Template XSS

phpBB2 Plus <= 1.52 Multiple XSS

cPanel cpsrvd.pl user Parameter XSS

osCommerce application_top.php Multiple Parameter HTTP Response Splitting

DotNetNuke < 3.0.12 Multiple XSS

MediaWiki Page Template Inclusions HTML Attributes XSS

BookReview 1.0 Multiple Script XSS

SqWebMail redirect Parameter CRLF Injected XSS

Sambar Server Administrative Interface Multiple XSS

mvnForum Search Parameter XSS

ASP-DEv XM Forum post.asp IMG Tag XSS

SurgeMail <= 3.0c2 Multiple XSS

Skull-Splitter Guestbook Multiple Field XSS

Woltlab Burning Board pms.php folderid Parameter XSS

PwsPHP profil.php id Parameter XSS

RSA Security RSA Authentication Agent For Web For IIS XSS

Invision Power Board index.php Multiple Parameter XSS

RM SafetyNet Plus snpfiltered.pl u Parameter XSS

Serendipity BBCode Plugin XSS

IMP common-footer.inc Parent Frame Page Title XSS

Horde Turba common-footer.inc Parent Frame Page Title XSS

Horde Nag common-footer.inc Parent Frame Page Title XSS

Horde Mnemo common-footer.inc Parent Frame Page XSS

Horde Turba Contact Manager common-footer.inc Parent Frame Page Title XSS

Horde Chora common-footer.inc Page Title XSS

WebcamXP Chat Name XSS

Coppermine Photo Gallery init.inc.php X-Forwarded-For XSS

IlohaMail read_message.php Attachment Multiple Field XSS

sphpblog search.php q Parameter XSS

Pinnacle Cart index.php pg Parameter XSS

Comersus Cart comersus_searchItem.asp curPage Parameter XSS

PostNuke < 0.760 RC4 Multiple Script XSS

ProfitCode PayProCart usrdetails.php sgnuptype Parameter XSS

Comersus Cart Account Username Field XSS

SonicWALL SOHO Web Interface XSS

PHP < 4.4.2 Multiple Cross-Site Scripting Vulnerabilities

Oracle 9i Application Server HTTP Request Smuggling

phpMyAdmin index.php convcharset Parameter XSS

Mailreader network.cgi enriched/richtext MIME Message XSS

Horde Parent Frame Page Title XSS

CPG Dragonfly Multiple XSS

phpMyDirectory review.php subcat Parameter XSS

PHPSysInfo < 2.5 Multiple Script XSS

Invision Power Board HTTP POST Request IFRAME Tag XSS

Kayako eSupport Troubleshooter Module index.php Multiple Parameter XSS

PunBB profile.php Multiple Parameter XSS

Phorum < 5.0.15 Multiple XSS

paBox pabox.php posticon Parameter XSS

YaBB YaBB.pl usersrecentposts Action username Parameter XSS

PHP-Fusion BBCode IMG Tag XSS

CuteNews <= 1.3.6 Multiple XSS

Verity Ultraseek Search Request XSS

phpMyAdmin < 2.6.1 pl2 Libraries and Themes Multiple XSS

Invision Power Board COLOR SML Tag XSS

Zeroboard < 4.1pl6 Multiple XSS

paNews comment.php showpost Parameter XSS

osCommerce contact_us.php enquiry Parameter XSS

Kayako eSupport index.php nav Parameter XSS

Open WebMail openwebmail.pl logindomain Parameter XSS

SunShop Shopping Cart index.php search Parameter XSS

Claroline add_course.php Multiple Parameter XSS

ht://Dig htsearch.cgi config Parameter XSS

Mambo Site Server mos_change_template XSS

SmarterTools SmarterMail Attachment Upload XSS

vBulletin BB Tag XSS

ExBB Nested BBcode XSS

pLog register.php Multiple Parameter XSS

Bugzilla Internal Error Response XSS

BiTBOARD IMG BBCode Tag XSS

Gallery login.php username Parameter XSS

Novell GroupWise 6.5.3 WebAccess Multiple XSS

Siteman forum.php page Parameter XSS

Horde < 3.0.1 Multiple Script XSS

phpGroupWare index.php Calendar Date XSS

MySQL Eventum index.php email Parameter XSS

YaCy Peer-To-Peer Search Engine XSS

ArGoSoft Mail Server Unspecified XSS

CVSTrac < 1.1.5 Multiple XSS

UseModWiki wiki.pl XSS

UBB.threads < 6.5.1 Multiple XSS

PunBB URL Quote Tag XSS

PunBB profile.php XSS

PunBB < 1.1.2 install.php XSS

PunBB IMG Tag Client Side Scripting XSS

Serendipity compat.php searchTerm Parameter XSS

Apache Jakarta Lucene results.jsp XSS

InMail/InShop inmail.pl / inshop.pl XSS

YaBB Shadow BBCode Tag XSS

phpCMS parser.php file Parameter XSS

Aztek Forum Multiple Script XSS

phpMyAdmin < 2.6.0-pl3 Multiple XSS

TikiWiki tiki-error.php XSS

TeeKai Tracking Online XSS

ht://Dig htsearch.cgi words Parameter XSS

TIPS MailPost append Parameter XSS

Cherokee Web Server Error Page XSS

Horde IMP status.php3 script Parameter XSS

Horde Application Framework Help Window Multiple Parameter XSS

MoniWiki < 1.0.9 wiki.php XSS

Faq-O-Matic fom.cgi Multiple Parameter XSS

IBM Lotus Notes/Domino Square Brackets Encoding Failure XSS

Pinnacle ShowCenter SettingsBase.php Skin Parameter XSS

XOOPS viewtopic.php Multiple Parameter XSS

FuseTalk Forum img src Tag XSS

CjOverkill trade.php Multiple Method XSS

Invision Power Board Referer field XSS

Horde IMP HTML MIME Viewer Multiple XSS

PHP-Fusion homepage address Parameter XSS

WordPress < 1.2.2 Multiple XSS

vBulletin memberlist.php what Parameter XSS

ViewCVS viewcvs.cgi Multiple Parameter XSS

OpenBB board.php FID Parameter XSS

vBulletin newreply.php WYSIWYG_HTML Parameter XSS

PostNuke News Module article.php sid Parameter XSS

phpGroupWare Wiki Module XSS

OpenCA Client System Browser Form Input Field XSS

PsNews index.php Multiple Parameter XSS

Keene Digital Media Server Multiple Script XSS

CuteNews index.php mod Parameter XSS

DasBlog Activity / Event Viewer Multiple HTTP Header XSS

IlohaMail user Parameter XSS

IlohaMail Email Header XSS

Citrix NFuse Launch Scripts NFuse_Application Parameter XSS

XOOPS <= 1.0 Dictionary Module Multiple Scripts XSS

phpScheduleIt 1.0.0 RC1 Multiple XSS

Icecast list.cgi User-Agent XSS

Plesk Reloaded login_up.php3 login_name Parameter XSS

PHP Code Snippet Library index.php Multiple Parameter XSS

eGroupWare <= 1.0.00.003 Multiple Module XSS

PHP-Nuke PhotoADay Module pad_selected Parameter XSS

Mantis < 0.18.1 Multiple Unspecified XSS

Sympa New List Creation Description Field XSS

CuteNews show_archives.php archive Parameter XSS

BasiliX Webmail Content-Type Header XSS

Moodle post.php reply Parameter XSS

WackoWiki TextSearch phrase Parameter XSS

BreakCalendar < 1.3 XSS

BasiliX Message Content XSS

SquirrelMail < 1.2.11 Multiple Script XSS

PostNuke Reviews Module title Parameter XSS

WebCam Watchdog sresult.exe XSS

Phorum search.php subject Parameter XSS

PowerPortal modules/private_messages/index.php Multiple Parameter XSS

Horde IMP with MSIE MIME Viewer Email Message XSS

Xitami testssi.ssi HTTP Header XSS

phpBB < 2.0.10 Multiple XSS

Citrix MetaFrame XP login.asp NFuse_Message Parameter XSS

IMP Content-Type Header XSS

Open WebMail Multiple Content Header XSS

Oracle 9iAS iSQLplus XSS

Invision Power Board index.php pop Parameter XSS

vHost < 3.10r1 Unspecified XSS

phpBB < 2.0.7 Multiple XSS

SandSurfer < 1.7.1 XSS

vBulletin search.php query Parameter XSS

ASP Portal User Profile XSS

Mambo Site Server itemid Parameter XSS

miniBB bb_func_usernfo.php Website Name Field XSS

SGDynamo sgdynamo.exe HTNAME XSS

Horde IMP IMP_MIME_Viewer_html Class XSS

Gallery search.php searchstring Parameter XSS

TMaxSoft JEUS url.jsp URI XSS

pod.board 1.1 Multiple Script XSS

PostNuke < 0.7.2.3 Multiple Script XSS

LedNews News Post XSS

Zeus Admin vs_diag.cgi XSS

Bandmin 1.4 index.cgi Multiple Parameter XSS

eZ Publish articleview.php XSS

SHOUTcast Server Admin Log File XSS

Apache mod_ssl Host: Header XSS

Ceilidh testcgi.exe query Parameter XSS

Neoteris IVE swsrv.cgi XSS

Ocean12 Guestbook XSS

XMB < 1.9.1 Multiple XSS

XOOPS Glossary Module glossaire-aff.php lettre Parameter XSS

CC GuestBook cc_guestbook.pl Multiple Parameter XSS

Sambar Server Multiple Script XSS

paFileDB pafiledb.php id Parameter XSS

WebChat XSS

eZ Publish Multiple XSS

Siteframe search.php searchfor Parameter XSS

DCP-Portal Multiple Script XSS

Basit CMS Multiple Script XSS

Mambo Site Server 4.0.10 XSS

osCommerce 2.2ms1 Multiple Script XSS

MyAbraCadaWeb header.php ma_kw Parameter XSS

SquirrelMail 1.2.9 / 1.2.10 read_body.php Multiple Parameter XSS

RSA ClearTrust ct_logon.asp Multiple Parameter XSS

Microsoft IIS shtml.dll XSS

IBM Lotus Domino nsf File Argument XSS

Auction Deluxe auction.pl Multiple Parameter XSS

Simple File Manager Directory / Filename XSS

Microsoft IIS IDC Extension XSS

Apache Tomcat DOS Device Name XSS

Apache Tomcat /servlet Mapping XSS

IBM WebSphere Traversal Error Page XSS

Apache JServ Nonexistent JSP Request XSS

Oracle 9iAS mod_plsql Multiple Procedures XSS

Microsoft IIS ASP Redirection Function XSS

FastCGI Multiple Sample CGI XSS

AgoraCart agora.cgi cart_id Parameter XSS

Webalizer < 2.01-09 Multiple XSS

Web Server Generic XSS

Microsoft IIS 5.0 Form_JScript.asp XSS