US-CERT Vulnerability Notes Database

Search Results

ID         Date Public  Name
VU#237888  11/05/2007   Mortbay Jetty Dump Servlet vulnerable to cross-site scripting
VU#435444  10/15/2003   Microsoft Outlook Web Access (OWA) contains cross-site scripting vulnerability in the "Compose New Message" form
VU#342793  10/26/2007   RSA Keon cross-site scripting vulnerabilities
VU#292457  06/05/2007   HP System Management Homepage cross-site scripting vulnerability
VU#808921  04/19/1999   eBay contains a cross-site scripting vulnerability
VU#138538  07/13/2005   WebEOC is vulnerable to cross-site scripting attacks
VU#716144  12/23/2004   Verity Ultraseek contains a cross-site scripting vulnerability in the processing of search requests
VU#114070  03/02/2004   NetScreen Instant Virtual Extranet (IVE) platform contains cross-site scripting vulnerability in delhomepage.cgi
VU#636431  03/19/2002   Verity's Search97 contains a Cross-Site Scripting vulnerability in the processing of search requests
VU#744590  07/15/2004   Board Power contains cross-site scripting vulnerability in the 'action' parameter of 'icq.cgi'
VU#107998  11/03/2004   MailPost vulnerable to cross-site scripting in the 'append' variable passed to the file as part of an HTTP GET request
VU#596046  11/03/2004   MailPost vulnerable to cross-site scripting via an executable requested with a trailing slash appended to the filename
VU#882619  02/01/2009   Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge cross-site scripting vulnerability
VU#758769  12/19/2007   Adobe Flash Player asfunction protocol may enable cross-site scripting
VU#340409  02/08/2005   Microsoft Windows SharePoint Services and SharePoint Team Services cross-site scripting vulnerabilities
VU#197318  01/26/2004   IBM Net.Data db2www CGI interpreter fails to properly validate requested macro filenames
VU#139931  06/12/2002   Microsoft SQLXML HTTP components vulnerable to cross-site scripting via root parameter
VU#240329  10/02/2002   Apache HTTPD server vulnerable to cross site scripting on error page when using wildcard DNS
VU#668206  09/23/2004   Macromedia JRun Server is vulnerable to a cross-site scripting attack
VU#715737  11/07/2007   Mozilla-based browsers jar: URI cross-site scripting vulnerability
VU#862600  07/21/2007   Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
VU#455604  10/10/2006   Microsoft .NET Framework contains a cross-site scripting vulnerability
VU#337585  03/06/2006   Pubcookie login server contains cross-site scripting vulnerabilities
VU#314540  03/06/2006   Pubcookie application server modules contain cross-site scripting vulnerabilities
VU#300373  06/14/2005   Microsoft Outlook Web Access vulnerable to cross-site scripting
VU#798611  02/06/2002   Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"
VU#132011  02/28/2002   Snitz Forums 2000 vulnerable to cross-site scripting via crafted IMG tag
VU#246409  07/19/2003   CGI.pm vulnerable to Cross-site Scripting
VU#249337  05/18/2007   Flash authoring tools create Flash files that contain cross-site scripting vulnerabilities
VU#366900  09/26/2006   Roller Weblogger contains a cross-site scripting vulnerability
VU#108884  09/12/2006   Microsoft Indexing Services vulnerable to cross-site scripting
VU#886699  04/10/2002   Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in HTTP error page results
VU#948750  08/10/2004   Microsoft Outlook Web Access contains vulnerability in HTML redirection query
VU#883091  04/10/2002   Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in IIS Help Files search facility
VU#750796  01/05/2010   Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting
VU#815960  12/29/2006   Adobe Acrobat Plug-In cross domain violation
VU#212984  11/03/2007   Mortbay Jetty vulnerable to HTTP response splitting
VU#262352  09/21/2006   Sun Secure Global Desktop Software (SSGD) contains multiple cross-site scripting vulnerabilities
VU#366372  04/15/2005   RSA Authentication Agent for Web fails to properly validate input
VU#520707  04/10/2002   Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in redirect response messages
VU#488684  10/06/2003   Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities
VU#845708  06/21/2007   Apple WebCore XMLHttpRequest fails to properly serialize headers into an HTTP request
VU#705529  04/16/2008   Apple Safari WebKit fails to properly handle a crafted URL
VU#559616  11/15/2006   Autonomy Ultraseek default configuration does not adequately restrict in-document highlighting
VU#927548  08/08/2006   Microsoft Management Console cross-site scripting vulnerability
VU#981651  07/02/2001   Caucho Technologies Resin vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#560659  07/02/2001   IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#642239  07/02/2001   Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#707100  12/10/2003   Multiple web-based email services fail to filter malicious characters when the message contains cascading style sheet character escaping
VU#288308  12/28/2003   Microsoft Internet Information Server (IIS) vulnerable to cross-site scripting via HTTP TRACK method
VU#270083  07/02/2001   IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#672683  07/02/2001   Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#361600  01/17/2002   Web-based email services filtering systems vulnerable to malicious script execution
VU#766019  03/18/2008   Apple Safari vulnerable to xss via the processing of JavaScript URLs
VU#289988  06/25/2007   Apple Safari cross-domain HTTP redirection race condition
VU#615857  02/21/2007   Google Desktop vulnerable to cross-site scripting
VU#885665  12/07/2006   MySpace fails to properly filter user-supplied content
VU#473902  02/05/2004   Multiple Real media players fail to properly validate SMIL files
VU#654643  07/02/2001   Allaire JRun Java Application Server vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#768702  01/25/2005   Multiple devices process HTTP requests inconsistently
VU#664422  08/31/2004   PhpWebSite contains multiple cross-site scripting vulnerabilities
VU#534710  05/07/2005   Mozilla fails to properly prevent "JavaScript:" URIs containing "eval()" from being executed in the context of other URIs in the history list
VU#162097  10/22/2002   Microsoft Internet Explorer does not adequately validate references to cached objects and methods
VU#305208  12/05/2007   Caucho Resin vulnerable to XSS via "file" parameter to "viewfile"
VU#732449  01/10/2008   Liferay Portal User Profile Greeting stored XSS
VU#326065  01/10/2008   Liferay Portal Enterprise Admin User-Agent HTTP header XSS
VU#888209  01/10/2008   Liferay Portal Forgot Password User-Agent HTTP header XSS
VU#438616  11/05/2007   Mortbay Jetty fails to properly handle cookies with quotes
VU#923508  06/18/2008   Microsoft Internet Explorer 6 contains a cross-domain vulnerability
VU#935737  12/19/2007   Adobe Flash Player may load arbitrary, malformed cross-domain policy files
VU#767825  01/10/2008   Liferay Portal fails to protect against CSRF
VU#217825  01/10/2008   Liferay Portal Admin portlet Shutdown message XSS
VU#989144  11/17/2006   Google Mini and Google Search Appliance vulnerable to cross-site scripting
VU#252764  08/08/2006   Microsoft Internet Explorer source element cross-domain vulnerability
VU#114956  03/08/2005   Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page
VU#782243  08/21/2001   TDForum does not adequately validate user input thereby allowing users to embed malicious script code in messages
VU#466521  03/25/2008   Mozilla JavaScript privilege escalation
VU#625878  01/31/2005   Single crafted HTTP request may result in multiple responses
VU#153043  01/24/2002   SquirrelMail compose.php script does not adequately validate input thereby allowing arbitrary user to send messages
VU#911004  07/25/2006   Mozilla Firefox fails to properly handle the "XPCNativeWrapper(window).Function(...)"
VU#794236  01/31/2008   SkypeFind fails to properly sanitize user-supplied input
VU#993544  08/13/2007   Apache Tomcat fails to properly handle cookies containing single quotes
VU#356600  12/15/2004   Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
VU#744139  04/08/2002   AOL Instant Messenger installer adds "http://free.aol.com" to Trusted Sites Zone in Microsoft Internet Explorer
VU#663763  08/06/2008   Apache mod_proxy_ftp XSS vulnerability
VU#190939  06/04/2008   HP Online Support Services ActiveX AppendStringToFile() arbitrary file writing
VU#857539  06/04/2008   HP Online Support Services ActiveX DeleteSingleFile() arbitrary file deletion
VU#998779  06/04/2008   HP Online Support Services ActiveX StartApp() arbitrary code execution
VU#221123  06/04/2008   HP Online Support Services ActiveX MoveFile() buffer overflow
VU#526131  06/04/2008   HP Online Support Services ActiveX RegistryString() buffer overflow
VU#558163  06/04/2008   HP Online Support Services ActiveX GetFileTime() buffer overflow
VU#592425  02/02/2006   Mozilla-based products fail to validate user input to the attribute name in "XULDocument.persist"
VU#372797  07/13/2005   WebEOC contains multiple SQL injection vulnerabilities
VU#949587  06/04/2008   HP Online Support Services ActiveX DownloadFile() arbitrary file download
VU#754403  06/04/2008   HP Online Support Services ActiveX ExtractCab() buffer overflow
VU#138457  07/10/2007   Adobe Flash Player fails to properly validate HTTP Referers
VU#405092  12/19/2006   Mozilla products allows the src attribute in an img element to be changed to a JavaScript URI
VU#580299  02/08/2005   Microsoft Internet Explorer contains URL decoding cross-domain vulnerability
VU#143297  06/04/2007   Mozilla Firefox allows cross-domain iframe access via JavaScript
VU#571584  09/25/2007   Google Gmail cross-site request forgery vulnerability
VU#883108  06/27/2006   Microsoft Internet Explorer HTML Document object cross-domain vulnerability
VU#996798  07/13/2005   Mozilla Firefox insecurely handles content from external applications
VU#248184  01/17/2008   Skype does not properly filter input from external websites
VU#228569  02/12/2008   Microsoft Internet Explorer property memory corruption vulnerability
VU#347448  12/12/2006   Microsoft Internet Explorer fails to properly handle malformed DHTML script function calls
VU#855118  11/04/2005   Apple QuickTime PictureViewer PICT data decompression buffer overflow
VU#433341  11/08/2005   Microsoft Windows vulnerable to buffer overflow via specially crafted WMF file
VU#218621  07/12/2005   Microsoft Word buffer overflow in font processing routine
VU#810073  06/12/2007   Microsoft Windows Secure Channel integer underflow
VU#304064  01/03/2007   Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability
VU#136849  06/13/2006   Microsoft Internet Explorer UTF-8 decoding vulnerability
VU#847803  07/25/2001   Php variables passed from the browser are stored in global context
VU#290961  06/06/2007   Microsoft Windows GDI+ ICO InfoHeader Height division by zero vulnerability
VU#694344  12/12/2006   Microsoft Internet Explorer TIF Folder arbitrary file access vulnerability
VU#887861  05/28/2005   Microsoft Internet Explorer vulnerable to code execution via mismatched DOM objects
VU#134756  03/18/2005   Microsoft Windows buffer overflow in Enhanced Metafile rendering API
VU#720742  07/12/2005   Microsoft Color Management Module buffer overflow during profile tag validation
VU#273262  02/02/2002   Multiple web browsers vulnerable to spoofing via Internationalized Domain Name support
VU#756122  04/12/2005   Microsoft Internet Explorer URL validation routine contains a buffer overflow
VU#823971  02/08/2005   Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability
VU#598147  12/19/2001   Microsoft Internet Explorer does not properly handle document.open()
VU#468800  08/14/2007   Microsoft Windows VML compressed content integer underflow
VU#711843  04/17/2002   Microsoft Internet Explorer contains cross-site scripting vulnerabilities in local HTML resources
VU#599832  12/12/2006   Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
VU#876678  03/22/2006   Microsoft Internet Explorer createTextRange() vulnerability
VU#189754  06/14/2005   Microsoft Internet Explorer buffer overflow in PNG image rendering component
VU#222050  04/12/2005   Microsoft Internet Explorer Content Advisor contains a buffer overflow
VU#774338  04/12/2005   Microsoft Internet Explorer DHTML objects contain a race condition
VU#637760  10/12/2004   Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability
VU#843771  02/08/2005   Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
VU#613564  02/13/2007   Microsoft Internet Explorer fails to properly interpret certain responses from FTP servers
VU#817108  06/11/2006   Yahoo! Mail script injection vulnerability
VU#207264  07/11/2004   Microsoft Internet Explorer does not properly handle function redirection
VU#448569  12/06/2006   Adobe Download Manager buffer overflow
VU#655100  06/27/2006   Microsoft Internet Explorer fails to properly handle CLSID extensions
VU#208769  11/22/2006   Microsoft Windows Media Player fails to properly handle malformed Windows Media Metafiles
VU#191609  03/29/2007   Microsoft Windows animated cursor stack buffer overflow
VU#122084  01/09/2007   Microsoft Internet Explorer VML buffer overflow
VU#165022  01/13/2003   Microsoft Log Sink Class ActiveX control incorrectly marked "safe for scripting"
VU#416092  09/18/2006   Microsoft Internet Explorer VML stack buffer overflow
VU#313225  03/06/2007   Apple QuickTime QTIF heap buffer overflow
VU#568689  03/06/2007   Apple QuickTime 3GP integer overflow
VU#861817  03/06/2007   Apple QuickTime UDTA atom integer overflow
VU#410993  03/06/2007   Apple QuickTime QTIF integer overflow
VU#642433  03/06/2007   Apple QuickTime QTIF stack buffer overflow
VU#442497  01/02/2007   Apple QuickTime RTSP buffer overflow
VU#181038  12/27/2005   Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability
VU#659761  11/23/2007   Apple QuickTime RTSP Content-Type header stack buffer overflow
VU#728563  04/17/2002   Microsoft Internet Explorer does not adequately validate source of dialog frame
VU#713878  06/03/2004   Microsoft Internet Explorer does not properly validate source of redirected frame
VU#112179  01/10/2008   Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability


Produced 2010 by US-CERT, a government organization