CWE-79

Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter.

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a “</" (less-than slash) sequence.

Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.

Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.

Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in ACG-PTP 1.0.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Category name field under Advertisement Packages, the (2) Reason field under Credit/Debit Users, and the (3) FAQ question and (4) FAQ answer fields under Add New FAQ Entry.