cross-site scripting vulnerabilities and exploits

4.3
CVSSv2
CVE-2010-0941

Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php....

4.3
CVSSv2
CVE-2009-3191

Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php....

Pad-site-scriptsPad Site Scripts
1.2
CVSSv2
CVE-2014-3537

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/....

1.5
CVSSv2
CVE-2014-5029

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537....

1.9
CVSSv2
CVE-2014-5030

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py....

5
CVSSv2
CVE-2014-5031

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors....

4.3
CVSSv2
CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function....

7.5
CVSSv2
CVE-2019-7316

An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability....

Css-tricksChat2
4.3
CVSSv2
CVE-2019-7748

_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists....

Dbninja
6.8
CVSSv2
CVE-2019-7747

DbNinja 3.2.7 allows session fixation via the data.php sessid parameter....

Dbninja