Plugins: CGI abuses : XSS

IBM WebSphere Portal XSS (swg22008028)

Splunk Enterprise 6.6.x < 6.6.3 / Splunk Light 6.6.x < 6.6.3 Multiple XSS

IBM WebSphere Portal 8.0.0.x < CF22 Unspecified XSS (PI80564)

IBM WebSphere Portal 7.0.0.x < CF30 Unspecified XSS (PI80564)

EMC RSA Authentication Manager < 8.2 SP1 Patch 1 Token Profile Name Stored XSS (ESA-2017-068)

Check_MK < 1.4.0p6 XSS

Sophos Web Appliance < 4.3.2 FTP Redirect Page Reflected XSS

Sophos Web Appliance < 4.3.0 FTP Redirect Page Reflected XSS

McAfee ePolicy Orchestrator 5.1.x < 5.1.3 HF1110787 Computer Management Services XSS (SB10184)

Tenable Nessus 6.8.x and 6.9.x < 6.9.1 Stored XSS (TNS-2016-17)

Tenable Nessus 6.x < 6.9 Multiple Vulnerabilities (TNS-2016-16) (SWEET32)

Tenable Nessus 6.x < 6.9.3 Multiple Stored XSS

Adobe Connect < 9.5.7 event_registration.html Multiple Parameter XSS (APSB16-35)

VMware vRealize Log Insight 2.x / 3.x < 3.3.2 Multiple Vulnerabilities (VMSA-2016-0008)

ManageEngine ADSelfService Plus < 5.3 Build 5313 PasswordSelfServiceAPI XSS

VMware vCenter Server 5.0.x < 5.0u3g / 5.1.x < 5.1u3d / 5.5.x < 5.5u2d Reflected XSS (VMSA-2016-0009)

BlackBerry Enterprise Service (BES) Management Console 12.x < 12.4.1 Multiple XSS

McAfee Email Gateway 7.6.x < 7.6.404 Blocked Email Alert XSS (SB10153)

VMware vRealize Automation 6.x < 6.2.4 Unspecified Stored XSS (VMSA-2016-0003)

Piwik < 2.16.0 Unspecified XSS

ManageEngine Firewall Analyzer Multiple XSS

VMware vRealize Business Unspecified Stored XSS (VMSA-2016-0003)

Apache Jetspeed Portal URI Path Reflected XSS

Nessus Web UI Scanned Content Stored XSS

Tenable Nessus < 6.5.5 Host Details Scan Results XSS

Fortinet FortiWeb 5.1.2 < 5.3.5 Autolearn Configuration Multiple XSS

Fortinet FortiADC Model D < 4.2 Theme Login Page XSS

ManageEngine AssetExplorer < 6.1.0 Build 6113 Multiple XSS

Fortinet FortiManager FortiOS 5.0.x >= 5.0.3 and < 5.0.11 Dataset Reports XSS

Fortinet FortiAnalyzer FortiOS 5.0.x < 5.0.11 / 5.2.x < 5.2.2 Dataset Reports XSS

DNN (DotNetNuke) < 7.4.2 Multiple Vulnerabilities

Joomla! 3.4.x < 3.4.4 Login Module XSS

Splunk Enterprise 6.2.x < 6.2.6 / Splunk Light 6.2.x < 6.2.6 Splunk Web XSS

MS15-087: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459) (uncredentialed check)

Atlassian JIRA 4.2.x < 5.1.1 Multiple XSS

Atlassian JIRA 4.2.x < 4.4 / 4.3.x < 4.4 Multiple XSS

IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < XSS

Adobe/Apache Flex ASDoc Tool XSS

WordPress Multiple XSS

WP Super Cache Plugin for WordPress wp-cache.php Cache List Content Handling XSS

MyBB < 1.6.15 Video MyCode XSS

Fortinet FortiMail < 4.3.9 / 5.0.8 / 5.1.5 / 5.2.3 XSS

Symantec Data Center Security Server 'WCUnsupportedClass.jsp' XSS

Symantec Data Center Security Server 'SSO-Error.jsp' XSS (SYM15-001)

FancyBox Plugin for WordPress 'mfbfw' Parameter Persistent XSS

Fortinet FortiAuthenticator 'operation' Parameter XSS

DNN (DotNetNuke) < 7.4.0 Unspecified Persistent XSS

W3 Total Cache Plugin For WordPress Cache Key XSS

LogAnalyzer < 3.6.6 index.php / detail.php 'hostname' Parameter XSS

Apache Traffic Server Host HTTP XSS

LiveZilla < XSS

Google Calendar Events Plugin for WordPress 'admin-ajax.php' XSS

Fortinet FortiAnalyzer / FortiManager < 5.0.7 Multiple Unspecified XSS (FG-IR-14-033)

phpMyAdmin 4.0.x < / 4.1.x < / 4.2.x < Multiple XSS (PMASA-2014-12)

phpMyAdmin 4.0.x < / 4.1.x < / 4.2.x < 'ENUM' Value XSS (PMASA-2014-11)

MediaWiki < 1.19.20 / 1.22.12 / 1.23.5 'includes/OutputPage.php' XSS

MediaWiki < 1.19.19 / 1.22.11 / 1.23.4 SVG Upload and CSS XSS

Moodle Multiple XSS

Webmin < 1.690 Multiple XSS

Usermin < 1.600 Multiple Vulnerabilities

Riverbed SteelApp (Stingray) Traffic Manager < 9.7 Multiple XSS

IBM WebSphere Portal Unspecified XSS (PI16174)

IBM WebSphere Portal Unspecified XSS (PI16127)

IBM WebSphere Portal Unspecified XSS (PI18845)

ManageEngine EventLog Analyzer 'j_username' XSS

phpMyAdmin 4.0.x < / 4.1.x < / 4.2.x < Multiple XSS Vulnerabilities (PMASA-2014-8 - PMASA-2014-9)

Gurock TestRail < 3.1.3 XSS

Fortinet FortiWeb 5.x < 5.2.1 Multiple XSS Vulnerabilities

CKEditor Preview Plugin Unspecified XSS

phpMyAdmin 4.1.x < / 4.2.x < 4.2.4 Navigation Hiding Items Multiple XSS (PMASA-2014-3)

phpMyAdmin 4.2.x < 4.2.4 Recent/Favorite Table Navigation Multiple XSS (PMASA-2014-2)

MediaWiki < 1.19.16 / 1.21.10 / 1.22.7 'Special:PasswordReset' XSS

McAfee Web Gateway < / XSS

Blackboard Learning System <= 8.0 SP6 Unspecified XSS

Juniper ScreenOS < 5.4.0r10 / 6.0 < 6.0.0r6 / 6.1 < 6.1.0r2 Web Interface and Telnet Login Pages XSS (JSA10388)

Splunk '/en-US/app/' Referer Header XSS

IBM WebSphere Portal Unspecified JSP XSS (PI16040)

IBM WebSphere Portal 'boot_config.jsp' XSS (PI16041)

IBM WebSphere Portal 'FilterForm.jsp' XSS (PI15690)

Puppet Enterprise Multiple XSS Vulnerabilities

Puppet Dashboard Multiple XSS Vulnerabilities

MediaWiki < 1.21.9 / 1.22.6 'InfoAction.php' XSS

Symantec Messaging Gateway 10.x < 10.5.2 Management Console XSS (SYM14-006)

Atmail Webmail 6.6.x < 6.6.3 / 7.x < 7.0.3 File Name Parameter XSS

Atmail Webmail < 6.5.0 'DOM processor' XSS

Atmail Webmail 4.x < 4.6.1 (4.61) '' XSS

Fortinet FortiWeb 5.x < 5.1.0 XSS

Fortinet FortiWeb 5.x < 5.0.4 XSS

Fortinet FortiMail < 4.3.4 / 5.0.0 Multiple XSS

Liferay Portal 6.2.0 CE GA1 Multiple XSS

IBM WebSphere Portal CF11 Multiple XSS

IBM WebSphere Portal Themes Unspecified XSS (PM90118)

IBM WebSphere Portal Web Content Viewer Portlet XSS (PM84525)

EMC RSA Authentication Manager 7.x < 7.1 SP4 Patch 32 Unspecified XSS

Better WP Security Plugin for WordPress Multiple XSS

Splunk < 5.0.8 Unspecified XSS

IBM WebSphere Portal Tagging Reflected XSS (PM96047)

IBM WebSphere Portal Unspecified Reflected XSS

DNN (DotNetNuke) < 7.2.2 Unspecified XSS

phpMyAdmin 3.x >= 3.3.1 / 4.x < 4.1.7 import.php XSS (PMASA-2014-1)

ASUS Routers flag Parameter XSS

CoSoSys Endpoint Protector < Unspecified XSS

Zimbra Collaboration Server aspell.php dictionary Parameter XSS

JForum start Parameter XSS

Synology DiskStation Manager < 4.3-3776 Update 3 info.cgi Multiple Parameters XSS

HP Autonomy Ultraseek 5 Unspecified XSS

Oracle Containers for J2EE Component Unspecified XSS

Novell Identity Manager Roles Based Provisioning Module taskId XSS

RomPager HTTP Referer Header XSS

Splunk < 5.0.6 Unspecified XSS

Juniper Junos EmbedThis AppWeb error Parameter XSS

Drupal Google Site Search Module API Data Handling XSS

Joomla! 2.5.x < 2.5.16 / 3.x < 3.1.6 Multiple XSS

Dell iDRAC6 / iDRAC7 Login Page 'ErrorMsg' Parameter XSS

Cisco Prime LAN Management Solution Cross-Frame Scripting

SecurityCenter devform.php message Parameter XSS

Moodle 'external.php' 'badge' Parameter XSS

DNN (DotNetNuke) __dnnVariable Parameter XSS

Joomla! 'lang' Parameter XSS

Cisco Prime Network / Wireless Control System Health Monitor Reflected XSS

VLC Web Interface XML Services XSS

McAfee ePolicy Orchestrator < 4.6.7 Multiple XSS

phpMyAdmin 4.x < 4.0.3 XSS (PMASA-2013-6)

Plone spamProtect mailaddress Parameter XSS

Citrix AGEE Logon Portal Unspecified XSS

Gallery 3.0.x < 3.0.8 Multiple XSS

Novell ZENworks Configuration Console Login.jsp language Parameter XSS

DNN (DotNetNuke) 7.0.x < 7.0.6 Unspecified Modal Window XSS

Securimage example_form.php XSS

DNN (DotNetNuke) Language Flag Selector Culture XSS

e107 content_preset.php URI XSS

HP Managed Printing Administration < 2.7.0 XSS

phpMyAdmin 3.5.x < 3.5.8 tbl_gis_visualization.php Multiple XSS

Traffic Analyzer Plugin for WordPress 'ta_loaded.js.php' 'aoid' Parameter XSS

Sophos Web Protection Appliance end-user-/errdoc.php 'msg' Parameter XSS

Cerb Multiple Vulnerabilities

MantisBT 1.2.x < 1.2.14 adm_config_report.php Multiple Parameter XSS

McAfee Vulnerability Manager cert_cn Parameter XSS

CKEditor sample_posteddata.php XSS

PHP-Fusion forum/viewthread.php highlight Parameter XSS

LogAnalyzer asktheoracle.php 'query' Parameter XSS

MoinMoin rsslink() Function page_name Parameter XSS

Bugzilla show_bug.cgi id Parameter XSS

MantisBT search.php match_type Parameter XSS

LogAnalyzer userchange.php 'viewid' Parameter XSS

Incapsula Component for Joomla! 'token' Parameter Multiple XSS

Joomla! 2.5.x < 2.5.7 Multiple XSS

ManageEngine AssetExplorer < 5.6.0 Build 5614 XML Asset Data XSS

Horde IMP js/compose-dimp.js XSS

HP LaserJet XSS Vulnerability

Dell OpenManage Server Administrator index_main.htm DOM-based XSS

Slideshow Plugin for WordPress 'settings.php' Multiple Parameter XSS

Zenphoto Verisign_logon.php redirect Parameter XSS

Wordfence Plugin for WordPress 'email' Parameter XSS

Dell OpenManage Server Administrator omalogin.html DOM-based XSS

Symphony Password Retrieval Script XSS

ManageEngine SupportCenter Plus fromCustomer Parameter XSS

ManageEngine OpStor days Parameter XSS

WANem index-advanced.php XSS

phpMyAdmin 3.5.x < 3.5.3 Multiple Vulnerabilities (PMASA-2012-6 - PMASA-2012-7)

Poweradmin index.php XSS

MediaWiki index.php 'uselang' Parameter XSS

Atlassian Confluence VelocityServlet Error Page XSS

MDaemon WorldClient < 12.5.7 Multiple XSS Vulnerabilities

LogAnalyzer index.php 'highlight' Parameter XSS

LogAnalyzer index.php 'filter' Parameter XSS

SquidClamav clwarn.cgi url Parameter XSS

phpMyAdmin 3.4.x < / 3.5.x < Multiple XSS (PMASA-2012-4)

Scrutinizer < 9.5.2 exporters.php XSS

Horde Kronolith js/kronolith.js Multiple View XSS

Nagios XI < 2011R1.9 login.php XSS

Nagios XI < 2011R3.0 Multiple XSS Vulnerabilities

Apache Struts 2 struts2-showcase edit-person.action Persistent XSS

Apache Struts 2 struts2-rest-showcase orders 'clientName' Parameter Persistent XSS

Apache Struts struts-examples 'theText' Parameter XSS

Apache Struts struts-cookbook message Parameter XSS

Novell GroupWise WebAccess User.interface XSS

Elgg index.php view Parameter XSS

MailEnable ForgottenPassword.aspx Username Parameter XSS

Pretty Link Plugin for WordPress 'pretty-bar.php' 'url' Parameter XSS

Liferay Portal upload_progress_poller.jsp XSS

Sharebar Plugin for WordPress 'sharebar-admin.php' 'status' Parameter XSS

Apache OFBiz Webslinger Component XSS

phpMyAdmin Replication Setup js/replication.js Database Name XSS

McAfee WebShield UI Dashboard XSS (SB10026)

Symantec Web Gateway timer.php XSS (SYM12-006)

Moodle MSA-11-0007 'coursetags_more.php' XSS

IBM Tivoli Directory Server Web Administration Tool Unspecified XSS

Dolibarr Multiple Script URI XSS

Dolibarr 3.1.0 admin/company.php username Parameter XSS

McAfee WebShield UI ProcessTextFile bodyStyle Parameter XSS (SB10020)

Zenphoto 404 Error Page XSS

phpMyAdmin 3.4.x < XSS (PMASA-2012-1)

phpLDAPadmin lib/QueryRender.php base Parameter XSS

Oracle WebCenter Content idc/idcplg Multiple Parameter XSS

Oracle WebCenter Content Help Component XSS

Oracle Fusion WebLogic Server Component WLS-Console Management Interface Unspecified XSS

Symantec Endpoint Protection Manager TestConnection.jsp 'Msg' Parameter XSS (SYM11-009 & SYM12-001)

SimpleSAMLphp logout.php link_href Parameter XSS

Cacti < 0.8.7g Multiple XSS and HTML Injection Vulnerabilities

phpMyAdmin 3.4.x < 3.4.9 XSS (PMASA-2011-19 - PMASA-2011-20)

ManageEngine ServiceDesk Plus 8.0.0 < Build 8015 Multiple XSS Vulnerabilities

phpMyAdmin 3.4.x < 3.4.8 XSS (PMASA-2011-18)

ManageEngine ADSelfService Multiple XSS

Adobe Flex SDK Cross-Site Scripting (APSB11-25)

phpMyAdmin 3.4.x < 3.4.6 XSS (PMASA-2011-16)

MODx < 2.0.3-pl modahsh Parameter XSS

phpMyAdmin 3.4.x < 3.4.5 XSS (PMASA-2011-14)

Phorum 5.2.x < 5.2.17 'control.php' 'real_name' XSS

OpenAdmin Tool for Informix informixserver Parameter XSS

phpMyAdmin 3.3.x / 3.4.x < / 3.4.4 XSS (PMASA-2011-13)

Sitecore CMS 'default.aspx' XSS

Apache Hadoop Jetty XSS

CGI Generic Script Injection (quick test)

CGI Generic XSS (extended patterns)

HP OpenView Performance Insight sendEmail.jsp XSS

MS11-061: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250) (uncredentialed check)

jCart 1.1 my-item-name POST Parameter XSS

Oracle Secure Backup Administration Server login.php XSS

Mambo task Parameter XSS

Movable Type mt-comments.cgi static Parameter XSS

MDaemon WorldClient < 12.0.3 Summary Page Email Subject XSS

Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)

Mailman < 2.1.14 Multiple XSS

IceWarp install/index.html lang Parameter XSS

HP SiteScope XSS

Atlassian Confluence 2.x >= 2.7 / 3.x < 3.4.9 Multiple XSS

Atlassian Confluence 2.x >= 2.7 / 3.x < 3.4.6 Multiple XSS

MediaWiki API XSS

MediaWiki Backslash Escaped CSS Comments XSS

MyBB xmlhttp.php 'value' Parameter XSS

IBM Lotus Sametime Server stconf.nsf messageString Parameter XSS

CGI Generic XSS (persistent, 3rd Pass)

MySQL Eventum forgot_password.php XSS

MediaWiki CSS Comments XSS

CGI Generic XSS (Parameters Names)

Adobe ColdFusion login.cfm Query String XSS (APSB11-04)

PRTG Network Monitor login.htm errormsg Parameter XSS


Crystal Reports Server InfoView logonAction Parameter XSS

CGI Generic XSS (persistent, 2nd pass)

Pligg register.php reg_username Parameter XSS

phpMyAdmin error.php BBcode Tag XSS (PMASA-2010-9)

Git gitweb Multiple Parameter XSS

Openfire Admin Console login.jsp XSS

Twitter Feed for WordPress Plugin 'url' Parameter XSS

MODx login.php 'username' Parameter XSS

FeedList Plugin for WordPress 'i' Parameter XSS

cformsII Plugin for WordPress 'rs' Parameter XSS

YUI charts.swf / swfstore.swf / uploader.swf XSS

Atlassian FishEye Code Metrics Report Plugin XSS

MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) (remote check)

MantisBT nusoap/nusoap.php NuSOAP WSDL XSS

Nagios XI < 2009R1.3C grab_request_var() Multiple XSS

Nagios XI < 2009R1.3B Multiple Unspecified XSS

SurgeMail surgeweb XSS

TikiWiki 'tiki-edit_wiki_section.php' type Parameter XSS

Mura CMS link Parameter XSS

Atmail WebMail < 6.2.0 (6.20) 'MailType' Parameter XSS

phpMyAdmin setup.php Verbose Server Name XSS (PMASA-2010-7)

Horde util/icon_browser.php subdir Parameter XSS

CGI Generic HTML Injections (quick test)

FuseTalk usersearchresults.cfm keyword Parameter XSS

FuseTalk categories.aspx FTVAR_SORTORDER Parameter XSS

Oracle BPM Process Administrator tips.jsp context Parameter XSS

MediaWiki profileinfo.php 'filter' Parameter XSS

VMware vCenter Update Manager XSS

Nessus Web Server XSS

CGI Generic XSS (comprehensive test)

Pligg search.php search Parameter XSS

FireStats window-add-excluded-ip.php 'edit' parameter XSS

Apache Tomcat 4.1 XSS

Apache Tomcat JSP2 Examples XSS

Wing FTP Server < 3.5.1 XSS

Apache Tomcat Implicit Objects XSS

Splunk 4.x < 4.1.3 404 Response XSS

Microsoft SharePoint Services Help.aspx 'cid0' Parameter XSS

TaskFreak! logout.php tznMessage Parameter XSS

PRTG Traffic Grapher login.htm url Parameter XSS

MoinMoin template Parameter XSS

ManageEngine ADAudit Plus 'reportList' Parameter XSS

ManageEngine ADManager Plus 'computerName' Parameter XSS

Adobe ColdFusion 'cfadminUserId' XSS (APSB10-11)

Resin resin-admin/digest.php XSS

Ektron CMS400.NET 'workarea/reterror.aspx' info Parameter XSS

CGI Generic XSS (HTTP Headers)

MODx SearchHighlight plugin XSS

Atlassian JIRA 500page.jsp Referer XSS

VMware ESX WebAccess Context Data XSS (VMSA-2010-0005)

ViewVC viewvc.cgi search Parameter XSS

DNN (DotNetNuke) < 5.3.0 SearchResults.aspx XSS

IBM Multiple Products login.php Query String XSS

SAP BusinessObjects viewError.jsp 'error' Parameter XSS

SilverStripe Forums Module 'Search' Parameter XSS

Mort Bay Jetty Multiple XSS

daloRADIUS login.php error Parameter XSS

ClarkConnect proxy.php url Parameter XSS

TestLink login.php req Parameter XSS

e107 submitnews.php XSS

DNN (DotNetNuke) < 5.2.0 SearchResults.aspx XSS

GForge help/tracker.php helpname Parameter XSS

Jetty Sample Application Persistent XSS

Axon Virtual PBX /logon Multiple Parameter XSS

XOOPS misc.php Query String XSS

CGI Generic XSS (persistent)

PeopleSoft PeopleTools JMS Listening Connector Activity Parameter XSS

ViewVC Invalid Parameter Arbitrary HTML Injection

BuildBot WebStatus waterfall 'branch' Parameter XSS

Adobe ColdFusion <= 8.0.1 _logintowizard.cfm XSS

BASE < 1.4.4 base_local_rules.php dir Parameter XSS

IBM Rational RequisitePro ReqWebHelp Multiple XSS

Symantec SecurityExpressions Audit and Compliance Server Multiple XSS

Lyris ListManager Multiple XSS

Ektron CMS400.NET id Parameter XSS

Orion Application Server Web Examples Multiple XSS

3CX Phone System login.php Multiple Parameter XSS

Oracle Database Secure Enterprise Search search/query/search search_p_groups Parameter XSS

TinyBrowser Multiple XSS

CommuniGate Pro WebMail < 5.2.15 XSS

IBM Rational ClearQuest Multiple XSS Flaws

Sun Java Web Console helpwindow.jsp / masthead.jsp Multiple XSS

Movable Type mt-wizard.cgi set_static_uri_to Parameter XSS

CGI Generic XSS (quick test)

Kerio MailServer < 6.6.2 Patch 3 / 6.7.0 Patch 1 XSS (KSEC-2009-06-08-01)

Joomla! < 1.5.11 JA_Purity Template Multiple XSS

DNN (DotNetNuke) ErrorPage.aspx XSS

Novell GroupWise WebAccess Login Page User.lang Parameter XSS

Sun Java System Calendar Server login.wcap Fmt-out Parameter XSS

AXIGEN Webmail < 7.1.0 HTML Body Script Insertion

SquirrelMail contrib/decrypt_headers.php XSS

Project Woodstock 404 Error Page UTF-7 Encoded XSS

Atmail WebMail <= 5.6.1 (5.61) webadmin/admin.php Multiple Parameter XSS

Atmail WebMail <= 5.6.0 (5.60) Email Body Injection

Apache Struts 2 s:a / s:url Tag href Element XSS

BlackBerry Enterprise Server MDS Connection Service XSS

Atlassian JIRA < 3.13.3 DWR 'c0-id' XSS

SAP DB / MaxDB WebDBM Multiple Parameter XSS

Tomcat Sample App cal2.jsp 'time' Parameter XSS

Novell GroupWise < 7.03HP2 / 8.0HP1 WebAccess Multiple XSS

ESET Remote Administrator < 3.0.105 Additional Report Settings XSS

Mono ASP.NET action Attribute XSS

Apache Jackrabbit 'q' Parameter XSS

Apache Roller q Parameter XSS

IceWarp Merak Mail Server < 9.4.0 IMG Tag XSS

Kerio MailServer < 6.6.2 Multiple XSS (KSEC-2008-12-16-01)

WordPress wp-includes/feed.php self_link() Function Host Header RSS Feed XSS

MDaemon WorldClient < 10.0.2 Email Handling XSS

HP System Management Homepage < Unspecified XSS

MailMarshal Spam Quarantine Management (SQM) Multiple Component XSS

CiscoWorks Server Common Services Login Page XSS

Cisco Secure Access Control Server (ACS) CSUserCGI.exe Help Facility XSS

MS Site Server < 3.0 formslogin.asp url Parameter XSS

HP System Management Homepage < 2.1.12 Unspecified XSS

CGIWrap Charset Specification Weakness Error Message XSS

Resin viewfile Servlet file Parameter XSS

Adobe Flex 3 History Management historyFrame.html XSS

Lyris ListManager read/search/results words Parameter XSS

dotCMS search_query Parameter XSS

Xerox DocuShare dsweb Servlet Multiple XSS

Barracuda Spam Firewall cgi-bin/ldap_test.cgi email Parameter XSS

Django Administration Application Login Form XSS

Sun Java System Web Server Search Module XSS

SmarterMail Subject Field XSS

OSSIM Framework session/login.php dest Parameter XSS

BEA Plumtree portal/ name Parameter XSS

ProjectPier index.php Multiple Parameter XSS

F5 BIG-IP Web Management Multiple XSS

Sun Java System Identity Manager Multiple XSS

IceWarp Mail Server admin/index.html message Parameter XSS

Atlassian JIRA 500page.jsp XSS

Websense Reporting Tools WsCgiLogin.exe username Parameter XSS

NetScaler Web Management ws/ standalone Parameter XSS

Mort Bay Jetty Dump Servlet (webapps/test/jsp/dump.jsp) XSS

ht://dig htsearch sort Parameter XSS

ManageEngine OpManager Multiple Parameter XSS

GForge account/verify.php confirm_hash Parameter XSS

Google Mini Search Appliance search Script ie Parameter XSS

Apache Tomcat Sample App cal2.jsp 'time' Parameter XSS (CVE-2006-7196)

IceWarp Merak Mail Server < 9.0.0 BODY Element XSS

Apache Tomcat SendMailServlet sendmail.jsp 'mailfrom' Parameter XSS

Joomla! com_content Component 'order' Parameter XSS

FuseTalk Multiple Script XSS

Apache MyFaces Tomahawk JSF Application autoscroll Multiple XSS

Apache Tomcat snoop.jsp URI XSS

HP System Management Homepage < 2.1.2 Unspecified XSS

Tomcat Sample App hello.jsp 'test' Parameter XSS

CommuniGate Pro WebMail w/ MSIE STYLE Tag XSS

Horde NLS.php Language Selection new_lang Parameter XSS

ColdFusion MX Null Byte Tag XSS Protection Bypass

ColdFusion Web Server User-Agent HTTP Header Error Message XSS

CuteNews 1.4.5 Multiple Script XSS

IBM WebSphere Application Server SOAP Connector Error Page XSS

Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS

SAP Internet Transaction Server wgate Multiple Parameter XSS

Web Server Expect Header XSS

Horde < 3.0.11 / 3.1.2 Multiple Script XSS

mvnForum activatemember Multiple Parameter XSS

UBB.threads ubbthreads.php debug Parameter XSS

Pubcookie Login Server index.cgi XSS

ArGoSoft Mail Server Pro Webmail viewheaders Multiple Field XSS

NeoMail sort Parameter XSS

Snitz Forums 2000 post.asp type Parameter XSS

Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS

WebWasher < 4.4.1 Build 1613 Multiple XSS

CubeCart < 3.0.4 Multiple Script XSS

Guppy Multiple HTTP Header XSS

WEBppliance ocw_login_username Parameter XSS

Open WebMail sessionid Parameter XSS

Lotus Domino Multiple Script Src / BaseTarget XSS

phpGroupWare Main Screen Message Body XSS

Greymatter Comment Name Field Control Panel Log XSS

CMSimple Guestbook Module index.php XSS

CMSimple index.php search Function XSS

Sawmill < 7.1.14 GET Request Query String XSS

Dada Mail Archived Message XSS

PHP-Fusion < 6.00.108 BBCode Nested URL Tag XSS

ATutor 1.5.1 Multiple Script XSS

Phorum register.php Username Field XSS

phpMyAdmin < 2.6.4 Multiple XSS

phpGraphy EXIF Data XSS

PhotoPost PHP Pro EXIF Data XSS

Gallery EXIF Data XSS

Coppermine Photo Gallery EXIF Data XSS

BMForum Multiple Script XSS

Ultimate PHP Board 1.9.6 GOLD Multiple Scripts XSS (1)

Ultimate PHP Board 1.9.6 GOLD Multiple Scripts XSS (2)

JAWS Glossary Gadget Multiple XSS

AutoIndex PHP Script index.php search Parameter XSS

Fusebox index.cfm fuseaction Parameter XSS

GForge <= 4.5 Multiple Script XSS

Advanced Guestbook User-Agent Header HTML Injection

Gossamer Threads Links < 3.0.4 Multiple Script XSS

Gossamer Threads Links user.cgi url Parameter XSS

Novell GroupWise WebAccess Email IMG SRC XSS

SiteMinder 5.5 Multiple Script XSS

MediaWiki 1.4.x < 1.4.6 / 1.5.x < 1.5.0 beta3 Page Move Template XSS

phpBB2 Plus <= 1.52 Multiple XSS

cPanel user Parameter XSS

osCommerce application_top.php Multiple Parameter HTTP Response Splitting

DNN (DotNetNuke) < 3.0.12 Multiple XSS

MediaWiki < 1.3.13 / 1.4.5 / 1.5.0 alpha2 Page Template Inclusions HTML Attributes XSS

BookReview 1.0 Multiple Script XSS

SqWebMail redirect Parameter CRLF Injected XSS

Sambar Server Administrative Interface Multiple XSS

mvnForum Search Parameter XSS

ASP-DEv XM Forum post.asp IMG Tag XSS

SurgeMail <= 3.0c2 Multiple XSS

Skull-Splitter Guestbook Multiple Field XSS

Woltlab Burning Board pms.php folderid Parameter XSS

PwsPHP profil.php id Parameter XSS

RSA Security RSA Authentication Agent For Web For IIS XSS

Invision Power Board index.php Multiple Parameter XSS

RM SafetyNet Plus u Parameter XSS

Serendipity BBCode Plugin XSS

IMP Parent Frame Page Title XSS

Horde Turba Parent Frame Page Title XSS

Horde Nag Parent Frame Page Title XSS

Horde Mnemo Parent Frame Page XSS

Horde Turba Contact Manager Parent Frame Page Title XSS

Horde Chora Page Title XSS

WebcamXP Chat Name XSS

Coppermine Photo Gallery X-Forwarded-For XSS

IlohaMail read_message.php Attachment Multiple Field XSS

sphpblog search.php q Parameter XSS

Pinnacle Cart index.php pg Parameter XSS

Comersus Cart comersus_searchItem.asp curPage Parameter XSS

PostNuke < 0.760 RC4 Multiple Script XSS

ProfitCode PayProCart usrdetails.php sgnuptype Parameter XSS

Comersus Cart Account Username Field XSS

SonicWALL SOHO Web Interface XSS

PHP < 4.4.2 Multiple XSS Vulnerabilities

Oracle 9i Application Server HTTP Request Smuggling

phpMyAdmin index.php convcharset Parameter XSS

Mailreader network.cgi enriched/richtext MIME Message XSS

Horde Parent Frame Page Title XSS

CPG Dragonfly Multiple XSS

phpMyDirectory review.php subcat Parameter XSS

PHPSysInfo < 2.5 Multiple Script XSS

Invision Power Board HTTP POST Request IFRAME Tag XSS

Kayako eSupport Troubleshooter Module index.php Multiple Parameter XSS

PunBB profile.php Multiple Parameter XSS

Phorum < 5.0.15 Multiple XSS

paBox pabox.php posticon Parameter XSS

YaBB usersrecentposts Action username Parameter XSS

PHP-Fusion BBCode IMG Tag XSS

CuteNews <= 1.3.6 Multiple XSS

Verity Ultraseek Search Request XSS

phpMyAdmin < 2.6.1 pl2 Libraries and Themes Multiple XSS

Invision Power Board COLOR SML Tag XSS

Zeroboard < 4.1pl6 Multiple XSS

paNews comment.php showpost Parameter XSS

osCommerce contact_us.php enquiry Parameter XSS

Kayako eSupport index.php nav Parameter XSS

Open WebMail logindomain Parameter XSS

SunShop Shopping Cart index.php search Parameter XSS

Claroline add_course.php Multiple Parameter XSS

ht://Dig htsearch.cgi config Parameter XSS

Mambo Site Server mos_change_template XSS

SmarterTools SmarterMail Attachment Upload XSS

vBulletin BB Tag XSS

ExBB Nested BBcode XSS

pLog register.php Multiple Parameter XSS

Bugzilla Internal Error Response XSS


Gallery login.php username Parameter XSS

Novell GroupWise 6.5.3 WebAccess Multiple XSS

Siteman forum.php page Parameter XSS

Horde < 3.0.1 Multiple Script XSS

phpGroupWare index.php Calendar Date XSS

MySQL Eventum index.php email Parameter XSS

YaCy Peer-To-Peer Search Engine XSS

ArGoSoft Mail Server Unspecified XSS

CVSTrac < 1.1.5 Multiple XSS

UseModWiki XSS

UBB.threads < 6.5.1 Multiple XSS

PunBB URL Quote Tag XSS

PunBB profile.php XSS

PunBB < 1.1.2 install.php XSS

PunBB IMG Tag Client Side Scripting XSS

Serendipity compat.php searchTerm Parameter XSS

Apache Jakarta Lucene results.jsp XSS

InMail/InShop / XSS

YaBB Shadow BBCode Tag XSS

phpCMS parser.php file Parameter XSS

Aztek Forum Multiple Script XSS

phpMyAdmin < 2.6.0-pl3 Multiple XSS

TikiWiki tiki-error.php XSS

TeeKai Tracking Online XSS

ht://Dig htsearch.cgi words Parameter XSS

TIPS MailPost append Parameter XSS

Cherokee Web Server Error Page XSS

Horde IMP status.php3 script Parameter XSS

Horde Application Framework Help Window Multiple Parameter XSS

MoniWiki < 1.0.9 wiki.php XSS

Faq-O-Matic fom.cgi Multiple Parameter XSS

IBM Lotus Notes/Domino Square Brackets Encoding Failure XSS

Pinnacle ShowCenter SettingsBase.php Skin Parameter XSS

XOOPS viewtopic.php Multiple Parameter XSS

FuseTalk Forum img src Tag XSS

CjOverkill trade.php Multiple Method XSS

Invision Power Board Referer field XSS

Horde IMP HTML MIME Viewer Multiple XSS

PHP-Fusion homepage address Parameter XSS

WordPress < 1.2.2 Multiple XSS

vBulletin memberlist.php what Parameter XSS

ViewCVS viewcvs.cgi Multiple Parameter XSS

OpenBB board.php FID Parameter XSS

vBulletin newreply.php WYSIWYG_HTML Parameter XSS

PostNuke News Module article.php sid Parameter XSS

phpGroupWare Wiki Module XSS

OpenCA Client System Browser Form Input Field XSS

PsNews index.php Multiple Parameter XSS

Keene Digital Media Server Multiple Script XSS

CuteNews index.php mod Parameter XSS

DasBlog Activity / Event Viewer Multiple HTTP Header XSS

IlohaMail user Parameter XSS

IlohaMail Email Header XSS

Citrix NFuse Launch Scripts 'NFuse_Application' Parameter XSS

XOOPS <= 1.0 Dictionary Module Multiple Scripts XSS

phpScheduleIt 1.0.0 RC1 Multiple XSS

Icecast list.cgi User-Agent XSS

Plesk Reloaded login_up.php3 login_name Parameter XSS

PHP Code Snippet Library index.php Multiple Parameter XSS

eGroupWare <= Multiple Module XSS

PHP-Nuke PhotoADay Module pad_selected Parameter XSS

Mantis < 0.18.1 Multiple Unspecified XSS

Sympa New List Creation Description Field XSS

CuteNews show_archives.php archive Parameter XSS

BasiliX Webmail Content-Type Header XSS

Moodle 'post.php' 'reply' Parameter XSS

WackoWiki TextSearch phrase Parameter XSS

BreakCalendar < 1.3 XSS

BasiliX Message Content XSS

SquirrelMail < 1.2.11 Multiple Script XSS

PostNuke Reviews Module title Parameter XSS

WebCam Watchdog sresult.exe XSS

Phorum search.php subject Parameter XSS

PowerPortal modules/private_messages/index.php Multiple Parameter XSS

Horde IMP with MSIE MIME Viewer Email Message XSS

Moodle < 1.3.3 'help.php' 'file' Parameter XSS

Xitami testssi.ssi HTTP Header XSS

phpBB < 2.0.10 Multiple XSS

Citrix MetaFrame XP login.asp NFuse_Message Parameter XSS

IMP Content-Type Header XSS

Open WebMail Multiple Content Header XSS

Oracle 9iAS iSQLplus XSS

Invision Power Board index.php pop Parameter XSS

vHost < 3.10r1 Unspecified XSS

phpBB < 2.0.7 Multiple XSS

SandSurfer < 1.7.1 XSS

vBulletin search.php query Parameter XSS

ASP Portal User Profile XSS

Mambo Site Server itemid Parameter XSS

miniBB bb_func_usernfo.php Website Name Field XSS

SGDynamo sgdynamo.exe HTNAME XSS

Horde IMP IMP_MIME_Viewer_html Class XSS

Gallery search.php searchstring Parameter XSS

TMaxSoft JEUS url.jsp URI XSS

pod.board 1.1 Multiple Script XSS

PostNuke < Multiple Script XSS

LedNews News Post XSS

Zeus Admin vs_diag.cgi XSS

Bandmin 1.4 index.cgi Multiple Parameter XSS

eZ Publish articleview.php XSS

SHOUTcast Server Admin Log File XSS

Apache mod_ssl Host: Header XSS

Ceilidh testcgi.exe query Parameter XSS

Neoteris IVE swsrv.cgi XSS

Ocean12 Guestbook XSS

XMB < 1.9.1 Multiple XSS

XOOPS Glossary Module glossaire-aff.php lettre Parameter XSS

CC GuestBook Multiple Parameter XSS

Sambar Server Multiple Script XSS

paFileDB pafiledb.php id Parameter XSS

WebChat XSS

ez Publish Multiple XSS

Siteframe search.php searchfor Parameter XSS

DCP-Portal Multiple Script XSS

Basit CMS Multiple Script XSS

Mambo Site Server 4.0.10 XSS

osCommerce 2.2ms1 Multiple Script XSS

MyAbraCadaWeb header.php ma_kw Parameter XSS

SquirrelMail 1.2.9 / 1.2.10 read_body.php Multiple Parameter XSS

RSA ClearTrust ct_logon.asp Multiple Parameter XSS

Microsoft IIS shtml.dll XSS

IBM Domino nsf File Argument XSS

Auction Deluxe Multiple Parameter XSS

Simple File Manager Directory / Filename XSS

Microsoft IIS IDC Extension XSS

Apache Tomcat DOS Device Name XSS

Apache Tomcat /servlet Mapping XSS

IBM WebSphere Traversal Error Page XSS

Apache JServ Nonexistent JSP Request XSS

Oracle 9iAS mod_plsql Multiple Procedures XSS

Microsoft IIS ASP Redirection Function XSS

FastCGI Multiple Sample CGI XSS

AgoraCart agora.cgi cart_id Parameter XSS

Webalizer < 2.01-09 Multiple XSS

Web Server Generic XSS

Microsoft IIS 5.0 Form_JScript.asp XSS
