Security Vulnerabilities, CVEs, Published In May 2007 (XSS)
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
Max CVSS
4.3
EPSS Score
0.47%
Published
2007-05-31
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter.
Max CVSS
4.3
EPSS Score
0.54%
Published
2007-05-31
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.
Max CVSS
4.3
EPSS Score
0.54%
Published
2007-05-31
Updated
2021-06-30
Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter.
Max CVSS
4.3
EPSS Score
0.73%
Published
2007-05-30
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-05-30
Updated
2018-10-16
Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.
Max CVSS
4.3
EPSS Score
0.72%
Published
2007-05-30
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-05-30
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
Max CVSS
4.3
EPSS Score
0.14%
Published
2007-05-30
Updated
2012-11-06
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
Max CVSS
3.5
EPSS Score
0.07%
Published
2007-05-30
Updated
2012-11-06
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
Max CVSS
4.3
EPSS Score
0.54%
Published
2007-05-30
Updated
2018-10-16
Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting (XSS) or HTTP request smuggling.
Max CVSS
4.9
EPSS Score
0.17%
Published
2007-05-30
Updated
2011-04-07
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.
Max CVSS
4.3
EPSS Score
1.78%
Published
2007-05-30
Updated
2008-11-15
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
Max CVSS
4.3
EPSS Score
0.64%
Published
2007-05-30
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.25%
Published
2007-05-30
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page.
Max CVSS
4.3
EPSS Score
0.54%
Published
2007-05-30
Updated
2018-10-16
Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp.
Max CVSS
4.3
EPSS Score
0.51%
Published
2007-05-29
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter.
Max CVSS
4.3
EPSS Score
0.53%
Published
2007-05-29
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Max CVSS
9.3
EPSS Score
1.70%
Published
2007-05-25
Updated
2017-07-29
Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812.
Max CVSS
9.3
EPSS Score
0.50%
Published
2007-05-24
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
Max CVSS
4.3
EPSS Score
0.57%
Published
2007-05-24
Updated
2017-07-29
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.
Max CVSS
4.3
EPSS Score
0.98%
Published
2007-05-22
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.
Max CVSS
4.3
EPSS Score
0.96%
Published
2007-05-22
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter.
Max CVSS
4.3
EPSS Score
0.96%
Published
2007-05-22
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter.
Max CVSS
4.3
EPSS Score
5.20%
Published
2007-05-22
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.67%
Published
2007-05-22
Updated
2017-07-29