Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others.

RESEARCH AND INTELLIGENCE REPORT
RELEASE DATE: DECEMBER 15, 2014
BY: NIKITA GUPTA, ANALYST
IBM MSS
CROSS-SITE SCRIPTING (XSS)

TABLE OF CONTENTS

EXECUTIVE OVERVIEW / KEY FINDINGS
WHAT IS XSS
CONSEQUENCES OF XSS ATTACKS
XSS ATTACK METRICS
RECOMMENDATIONS / MITIGATION TECHNIQUES
IDPS SIGNATURES
  IBM PROVENTIA
  AKAMAI
  CHECK POINT
  CISCO IDS
  FORTINET
  INTRUSHIELD
  NETSCREEN
  PALO ALTO
  SNORT
  SOURCEFIRE
  TIPPINGPOINT
  TREND MICRO
REFERENCES
CONTRIBUTORS
DISCLAIMER

EXECUTIVE OVERVIEW / KEY FINDINGS

One of the major vulnerability categories often found in web applications is cross-site scripting (XSS). Today, in the digital world, many transactions occur online, such as banking, shopping, e-trading, and travel booking. According to statistics gathered by IBM's Hosted Application Scanning Management (HASM) team, in over 900 dynamic web application scans, 17% were vulnerable to XSS. While this may not sound like a very high percentage, take into account that this data sample comes from organizations that have extremely mature and established security practices. Researchers have found these vulnerabilities to exist even on some of the most common and popular websites like Facebook, Amazon, Google, and PayPal. According to WhiteHat Security, as of today, they are seeing a 47.9% likelihood of a site being susceptible to cross-site scripting attacks.

In 1995, in the early days of the Internet, Netscape introduced JavaScript. People learned fast that they could do many interesting things with it. Attackers learned that they could trick a user into loading any website with iframes and use JavaScript to navigate between the websites. Hence, this led to the name cross-site scripting (XSS). In 2005, the Samy worm, exploiting an XSS vulnerability on MySpace.com, led to the whole website being taken down for 2.5 hours. In less than 20 hours, this worm affected about a million users, registering itself as one of the fastest propagating worms in history.

So should organizations be concerned about cross-site scripting? Well, if an organization's website accepts user input, then it may be vulnerable to cross-site scripting attacks, and concern is indeed warranted.

WHAT IS XSS

When a website accepts user input without validation, the website is vulnerable to cross-site scripting attacks. When a browser renders user input as a browser script, that is known as cross-site scripting. Examples include the browser executing commands to display malicious content, or the intent may be to steal the victim's user credentials or personal information.

Illustration 1. Source: Acunetix (http://www.acunetix.com/websitesecurity/cross-site-scripting/)

The illustration above gives a high-level view of a typical cross-site scripting attack. The attacker injects a malicious script on a website. When a victim visits that website, the browser renders the attacker's script, interpreting it as benign, but this script can do terrible things on the victim's browser. The browser renders anything written inside HTML tags on the client side. So if an attacker crafts an input to the website in the form of HTML tags or browser script, the browser will think it is a part of the website and will try to render the result. This leads to cross-site scripting attacks.

There are different types of XSS attacks. Some examples are Stored, Reflected, and DOM based XSS.

Stored: These attacks are those in which the injected script is stored on the server or in the database. Whenever that page is loaded, the script is loaded from the storage area and infects the machine loading the page.

Reflected: Reflected XSS are parts of search results, error messages, etc., which are sent to the browser through a different route than the actual website page. Social engineering is most commonly used to trick the user into clicking on specially crafted forms or web links which send the malicious script to the browser. The browser, assuming that it is coming from a trusted source, executes the script. This type of XSS is also known as non-persistent XSS.

DOM based: These attacks are executed by modifying the DOM environment in the victim's browser. The HTTP response in the page does not change, but the client-side code in the page executes differently.

It's a common misunderstanding that a read-only site is secure from XSS attack, but that is not true. Most XSS attacks steal the user's cookies, session, or files, or they even try to install Trojans. XSS attacks can hide from web application filters by using character encoding; for example, the tag can be encoded as <script>. Even encoding the content and adding a meta tag to the DOM can prevent XSS detection. Iframes help in importing HTML into your page, which consequently aids XSS attacks.
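
The encoding problem described above shows up when the same filter is run before and after decoding. The following JavaScript is an added example, not part of the IBM report; the function names, the small pattern list and the sample strings are constructed for illustration.

```javascript
// Added example (not from the report): why a filter must decode input before
// matching. All names, patterns and sample strings are constructed.

const MAX_ROUNDS = 5; // decoding passes allowed before input is treated as hostile

// Small illustrative pattern set; a production signature set is far larger.
const SUSPICIOUS = [
  /<script\b/i,            // script tag
  /<[^>]+\son[a-z]+\s*=/i, // inline event handler inside a tag
  /javascript\s*:/i,       // javascript: URL scheme
];

const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };

// Undo one layer of percent-encoding and HTML entity encoding.
function decodeOnce(s) {
  return s
    // %XX bytes are mapped one-to-one, which is enough to expose ASCII markup.
    .replace(/%([0-9a-f]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
    // Numeric entities, decimal or hex, with or without the trailing semicolon.
    .replace(/&#(?:x([0-9a-f]{1,6})|([0-9]{1,7}));?/gi, (match, hex, dec) => {
      const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    })
    .replace(/&(amp|lt|gt|quot|apos);/gi, (_, name) => NAMED[name.toLowerCase()]);
}

// Decode repeatedly until the text stops changing, so double-encoded input
// ends up in the same form as plain input. Input that is still changing after
// MAX_ROUNDS passes is reported as exhausted.
function normalize(input) {
  let current = String(input);
  for (let round = 0; round < MAX_ROUNDS; round++) {
    const next = decodeOnce(current);
    if (next === current) return { text: current, exhausted: false };
    current = next;
  }
  return { text: current, exhausted: decodeOnce(current) !== current };
}

// Filter that matches the raw bytes only.
function naiveFilter(raw) {
  return SUSPICIOUS.some((re) => re.test(raw));
}

// Filter that matches the normalized text and flags excessive nesting.
function normalizedFilter(raw) {
  const { text, exhausted } = normalize(raw);
  return exhausted || SUSPICIOUS.some((re) => re.test(text));
}

// Constructed request parameters, not captured traffic.
const SAMPLES = [
  'q=<script>alert(1)</script>',           // plain
  'q=%3Cscript%3Ealert(1)%3C%2Fscript%3E', // percent-encoded
  'q=&#x3C;script&#62;alert(1)',           // numeric HTML entities
  'q=%253Cscript%253E',                    // double percent-encoded
  'q=cheap+flights+%26+hotels',            // benign, contains an encoded "&"
];

function classify(samples) {
  return samples.map((raw) => ({
    raw,
    naive: naiveFilter(raw),
    normalized: normalizedFilter(raw),
  }));
}

console.table(classify(SAMPLES));
```

Only the first sample is caught by the raw match; the three encoded variants are caught once the input is normalized, and the benign query stays clean in both.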

CONSEQUENCES OF XSS ATTACKS

An attacker can do a lot of damage with XSS attacks:

Identity theft is one of the major concerns. An attacker can steal personal information about a victim, such as the victim's credentials and session details, and then impersonate the victim. For example, by obtaining a victim's online banking session details and personal information, an attacker can transfer money to his account.

Through XSS an attacker can deface websites, spy on users accessing that website, or cause a denial of service attack.

Attackers can gain access to sensitive or restricted information. For example, the attacker can get hold of the database where login information is stored.

An attacker can obtain free access to otherwise paid-for content.

An XSS attack not only affects users of the website, but it also affects the company running the vulnerable website. Brand reputation is at stake. These types of incidents result in a loss of customer trust and may also have a financial impact.

XSS ATTACK METRICS

In terms of web application vulnerabilities disclosed, the 1Q 2014 edition of the IBM X-Force Threat Intelligence Quarterly reported a significant drop in XSS vulnerabilities for 2013 from 2012. This could be a possible explanation of a notable decrease in XSS attack activity this year compared to the previous. At the time of this report, IBM's Managed Security Services has observed a 31 percent decrease in XSS attack activity as compared to 2013, as illustrated in Figure 1 below.

Figure 1. XSS Attack Activity as observed by IBM's Managed Security Services, 2011–2014.

Fewer reported vulnerabilities, however, doesn't necessarily equate to less attack activity. Attackers have been known to utilize older vulnerabilities to exploit sites because they know that organizations are often slow to patch less critical vulnerabilities, such as those allowing cross-site scripting. Why go through the trouble of developing a new exploit for the latest vulnerability, when the existing exploits in an attacker's arsenal already do the trick?

Figure 2 below offers a view of XSS attack activity over the last four years. There is some positive news to be gleaned from this chart. Attack activity for 2014 is trending downward. Attack activity this low has not been observed since 2011. Will this trend continue in 2015? If vulnerability patch management continues to improve and fewer and fewer cross-site scripting vulnerabilities are reported, then a continued downward trend is possible.

Figure 2. XSS Attack Activity as observed by IBM's Managed Security Services, 2011–2014.

RECOMMENDATIONS / MITIGATION TECHNIQUES

While organizations should be concerned with higher profile attacks and threats, they also cannot ignore the more common vulnerabilities found in web applications. According to the 1Q 2014 edition of the IBM X-Force Threat Intelligence Quarterly, cross-site scripting was the second most prevalent consequence of exploitation at 18 percent. Attackers take advantage of companies that are focusing solely on putting out the major fires and target their low-hanging-fruit vulnerabilities. Cross-site scripting falls in this category.

There are several steps organizations can take to mitigate this type of threat. Some steps require the website administrator's participation and others fall under user education:

Input sanitizing is the best method to prevent XSS attacks. Performing a thorough code review is a must. Check from where user or HTTP request input can make its way to HTML output.

Even if the document.cookie function of JavaScript is disabled, an attacker can find the cookie information of the user through the server. Hence, HTTP trace should also be disabled.

By following links to different websites from the main website you are vulnerable to XSS attacks. If you are on a particular website and it supposedly links to Google's website, instead of following that link directly, type in Google's URL in the browser.

Being vigilant to social engineering attacks will also prevent XSS attacks.

All user input should be treated as text by the browser instead of executable browser script.
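
The server-side recommendations above (user input rendered as text, HTTP TRACE refused) are combined below in one request handler. This is an added example, not code from the IBM report; the handler, the /search route and the cookie value are hypothetical, and the HttpOnly cookie flag is an addition the report does not name.

```javascript
// Added example (not from the report). handleRequest has the (req, res)
// shape used by Node's http.createServer; all names are hypothetical.

// Encode the characters that let text break out of HTML element content or a
// quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak version: the query string is copied straight into the markup, so the
// browser parses whatever tags it contains.
function renderSearchUnsafe(q) {
  return `<p>Results for ${q}</p>`;
}

// Corrected version: the same input reaches the browser as text only.
function renderSearch(q) {
  return `<p>Results for ${escapeHtml(q)}</p>`;
}

function handleRequest(req, res) {
  // TRACE echoes the request, cookies included, back in the response body,
  // which is why the report asks for it to be disabled.
  if (req.method === 'TRACE') {
    res.writeHead(405, { Allow: 'GET, HEAD' });
    res.end();
    return;
  }
  const url = new URL(req.url, 'http://localhost');
  const q = url.searchParams.get('q') || '';
  res.writeHead(200, {
    'Content-Type': 'text/html; charset=utf-8',
    // HttpOnly keeps the cookie out of reach of document.cookie
    // (an addition, not named in the report; the value is constructed).
    'Set-Cookie': 'sid=constructed-session-id; HttpOnly; Secure; SameSite=Lax',
  });
  res.end(renderSearch(q));
}

// Drive the handler with minimal stand-ins for req and res so the result can
// be inspected without opening a socket.
function simulate(method, url) {
  const out = { status: null, headers: {}, body: '' };
  const res = {
    writeHead(status, headers) { out.status = status; out.headers = headers || {}; },
    end(body) { out.body = body || ''; },
  };
  handleRequest({ method, url }, res);
  return out;
}

// Constructed request carrying a script tag in the q parameter.
const probe = '/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E';
console.log(renderSearchUnsafe('<script>alert(1)</script>'));
console.log(simulate('GET', probe).body);
console.log(simulate('TRACE', '/').status);
```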

IDPS SIGNATURES

Where possible, we recommend that customers enable the signatures listed below and analyze any events generated by them. In addition, ensure that any related security patches and anti-virus solutions are up-to-date. These signatures may not be enabled by default.

IBM PROVENTIA

adobe-asfunction-protocol-xss
adobe-navigatetourl-xss
Apache.HTTPD.mod_proxy_balancer.XSS
Apache.Tomcat.Host.Manager.Name.XSS
Apache.Tomcat.Sendmail.Examples.XSS
CGI.Bonsai./cvslog.cgi.XSS
cPanel.FILEOP.Parameter.Multiple.XSS
CSS_IE_Expression_Sanitization_XSS
CSS_IE_HTML_Sanitization_XSS
CSS_Moz_Binding_Cross_Domain_Scripting
DHTML_IE_JavaScript_XSS
Dokeos Multiple XSS
Email_iNotes_Math_XSS
Email_iNotes_Svg_XSS
Email_OWA_Header_XSS
Email_OWA_XSS
firefox-character-encoding-xss
Flash_NavigateToURL_XSS
GZIP_Filename_Script_Char_Exec
HTML_Asp_Dot_Net_XSS
HTML_Cisco_Injection
HTML_Exchange_OWA_Script_Injection
HTML_Firefox_Sidebar_Panel_XSS
HTML_IE7_Navigation_Cancelled_XSS
HTML_Lotus_Webaccess_JS_XSS
HTML_MMc_XSS
HTML_Pdf_XSS
HTML_SharePoint_Username_XSS
HTML_SrcDoc_XSS
HTML_XSS_Attempt
HTML_XSS_ViewSource_JavaScript
HTTP_Apache_Expect_XSS
HTTP_Apache_OnError_XSS
HTTP_BEA_Admin_Console_XSS
HTTP_MSSCOM_Cross_Site_Scripting
HTTP_OpenView_nnmvalidate_XSS
HTTP_PHP_Transfer_XSS
HTTP_QueryName_XSS
HTTP_Response_Set_Cookie_XSS
HTTP_SharePoint_Admin_GetArg_XSS
HTTP_SharePoint_GetArg_XSS
HTTP_Sharepoint_Inplview_XSS
HTTP_SharePoint_XSS_JavaScript_Injection
HTTP_Share_Point_XSS
HTTP_Symantec_WebGateway_Console_XSS
HTTP_Tivoli_WebReports_Cross_Site_Scripting
HTTP_XSS_JavaScript_Function_Exec
IBM.System.Storage.DS.Storage.Manager.XSS
php-phpinfo-function-xss
Script_IE_toStaticHTML_XSS
SIP_Header_XSS

AKAMAI

Cross-site Scripting (XSS) Attack
IE XSS
IE XSS Fil
IE XSS Filters - Attack
IE XSS Filters - Attack Detected
IE XSS Filters - Attack Detected.
Inbound Anomaly Score Exceeded (Total Score: %(WAF_CRS_TOTAL_ANOMALY_SCORE), SQLi=%(WAF_CRS_SQL_INJECTION_
Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE}, SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS
Persistent Universal PDF XSS attack
Possible XSS Attack Detected - HTML Tag Handler
UPDF/XSS injection Attack
XSS Attack Detected
XSS Filter - Category 1: Script Tag Vector
XSS Filter - Category 2: Event Handler Vector

CHECK POINT

Acrobat Reader UXSS JavaScript Code Execution
Acrobat Reader UXSS Remote Code Execution
Apple Safari webarchive File Format UXSS
B-net Software Content Management System shout.php name Parameter XSS - Ver2
CFORM XSS Alert
Google Chrome XSSAuditor Filter Security Policy Bypass
Internet Explorer Navigation Cancel Page XSS - Ver2
Internet Explorer toStaticHTML API XSS (MS10-035)
Internet Explorer XSS Filter JavaScript Information Disclosure (MS11-089)
Internet Explorer XSS Filter JavaScript Information Disclosure (MS11-099)
InterWoven WorkDocs XSS Cross-Site Scripting
Joomla! HTTP-Referrer XSS
Microsoft AntiXSS Library Bypass Information Disclosure (MS12-007)
Microsoft SharePoint Reflected List Parameter XSS (MS12-050)
Microsoft SharePoint XSS scriptresx.ashx Elevation of Privilege (MS12-050)
Microsoft Visual Studio Team Foundation Server XSS (MS12-061)
Oracle GlassFish Enterprise Server Multiple Reflected XSS Vulnerabilities
SAP Internet Transaction Server wgate.dll service Parameter XSS - Ver2
User Defined XSS Alert
XSS Attacks - IPS-1 - General Settings
XSS invalid configuration

CISCO IDS

5232.1 - URL with XSS
5431.1 IIS W3Who Vulnerabilties
5432 Script Embeded in HTTP Header
5551.0 - Outlook Web Access Cross Site Scripting Vulnerability
5757 - Microsoft Exchange Server Cross-Site Scripting
5770 - Cisco Secure ACS XSS
5807.0 Indexing Service Cross Site Scripting Vulnerability
5817.0 ASP.NET Cross Site Scripting
5848.0 Content Management Service Cross-site Scripting
5903 MS SharePoint XSS
6007 - Management Console Cross-Site Scripting
Ajax Availability Calendar Id_Item Parameter XSS Vulnerability
Axis Internet VoIP Manager Contacts.cgi XSS Vulnerability
BitDefender Internet Security 2009 XSS
Check Point UTM-1 Edge and Safe Diagnostic Command XSS Vulnerability
Cisco ASA WebVPN XSS
Cisco Common Services Framework Help Servlet XSS Vulnerability
Cisco Secure ACS XSS
Cisco UCCX XSS
Cisco Unified MeetingPlace Stored XSS
ElproLOGMONITOR XSS Vulnerability
Flogr Index.php XSS Vulnerability
Google Chrome XSSAuditor Filter Security Policy Bypass Vulnerability
HTTP DaloRADIUS Mng-search.php XSS Vulnerability
IBM Lotus Domino XSS Vulnerability
IBM Lotus Notes Traveler Address Parameter XSS Vulnerability
IBM Lotus Notes Traveler UserId Parameter XSS Vulnerability
IBM Lotus Notes Traveler RedirectURL Parameter XSS Vulnerability
IBM Tivoli Endpoint Manager XSS Vulnerability
IBM Websphere Application Server XSS
Internet Explorer 8 XSS Attack
Interspire Email Marketer Index.php XSS Vulnerability
InterWoven WorkDocs XSS Vulnerability
Jahia xCM XSS Vulnerability
Jaow CMS XSS Vulnerability
JCore Path Parameter XSS Vulnerability
JForum Action Parameter XSS Vulnerabiity
Kajona GetAllPassedParams Function Absender_Name Parameter XSS Vulnerability
Kajona GetAllPassedParams Function Action Parameter XSS Vulnerability
Kajona GetAllPassedParams Function Comment_Name Parameter XSS Vulnerability
Kajona GetAllPassedParams Function Module Parameter XSS Vulnerability
ManageEngine Applications Manager MyPage.do Forpage Parameter XSS Vulnerability
ManageEngine Applications Manager ProcessTemplates.do Templatetype Parameter XSS Vulnerability
ManageEngine Applications Manager ShowCustom.do Monitorname Parameter XSS Vulnerability
ManageEngine Applications Manager Showresource.do Type Parameter XSS Vulnerability
Media Player Classic WebServer Browser.html Path Parameter XSS Vulnerability
Microsoft Forefront Unified Access Gateway Default Reflected XSS
Microsoft Forefront Unified Access Gateway XSS Vulnerability
Microsoft IE 8 toStaticHTML XSS
Microsoft Internet Explorer 8 XSS
Microsoft Remote Desktop Web Access XSS
Microsoft SharePoint Server XSS Vulnerability
Microsoft Sharepoint XSS
Microsoft Sharepoint XSS Elevation of Privilege
Microsoft Sharepoint XSS Vulnerability
Microsoft System Center Configuration Manager Reflected XSS
Microsoft Visual Studio Cross Site Scripting (XSS) Vulnerability
Microsoft Visual Studio Team Web Access XSS Vulnerability
MS Internet Explorer 8 XSS
MS SharePoint XSS
MyBB Game Section Plugin XSS Vulnerability
Nagios XI Reflected XSS Vulnerability
Nagios XI VisApi.Php Div Parameter XSS Vulnerability
NetArt Media Car Portal CMS 3.0 XSS Vulnerabilities
NetGear DGN1000B Wireless Router h_skeyword XSS Vulnerability
NetGear DGN1000B Wireless Router Service_name Parameter XSS Vulnerability
NetGear DGN1000B Wireless Router Ssid_name Parameter XSS Vulnerability
NetIQ Access Manager Multiple XSS Vulnerability
Open-Xchange Server AjaxMail Json Parameter XSS Vulnerability
Open-Xchange Server TestServlet XSS Vulnerability
OpenX Plugin-Index.php XSS Vulnerabilitiy
Oracle GlassFish Server AuditModules.jsf XSS Vulnerability
Oracle GlassFish Server JmsHosts.jsf XSS Vulnerability
Oracle GlassFish Server Key XSS Vulnerability
Oracle GlassFish Server Realms.jsf XSS Vulnerability
Oracle GlassFish Server Stored XSS Vulnerability
Outlook Web Access XSS
Quick.Cms and Quick.Cart XSS Vulnerability
RTTucson Quotations Database Quote_search.php XSS Vulnerability
SAP Web Application Server XSS
Sharepoint Server 2007 XSS
Siemens WinCC WebNavigator DownloadComponents.asp HTTP Referer XSS
Siemens WinCC WebNavigator DownloadSelect.asp XSS
Siemens WinCC WebNavigator MainControl.asp XSS
Siemens WinCC WebNavigator Project.asp XSS
Siemens WinCC WebNavigator Unsupported.asp Agent Parameter XSS
Siemens WinCC WebNavigator WebClient.asp XSS
Siemens WinCC WebNavigator WNStandart.asp XSS
SlashCMS Index.php XSS Vulnerability
SolarWinds Orion IP Address Manager IPAMSearch.aspx XSS Vulnerability
Stradus CMS XSS Vulnerability
Subrion CMS Group Parameter XSS Vulnerability
Subrion CMS Id Parameter XSS Vulnerability
Symantec Web Gateway XSS Vulnerability
Telnet Failure Log XSS
URL with XSS
VoipNow Professional Nsextt Parameter XSS Vulnerability
WebKit Cross Site Scripting Filter XSSAuditor.cpp Security Bypass Vulnerability
WordPress ABC Test Plugin Id Parameter XSS Vulnerability
WordPress Church_Admin Id Parameter XSS Vulnerability
WordPress Count Per Day Plugin Datemin Parameter XSS Vulnerability
WordPress Count Per Day Plugin Page Parameter XSS Vulnerability
WordPress Design Approval System Plugin XSS Vulnerability
WordPress Featurific For WordPress Plugin Snum Parameter XSS Vulnerability
WordPress Flashnews Theme Src Parameter XSS Vulnerability
WordPress Flashnews Theme Test.php Parameter XSS Vulnerability
WordPress Floating Tweets XSS Vulnerability
Wordpress Indianic Faqs Manager Plugin 1.0 XSS Vulnerability
WordPress Platinum SEO XSS Vulnerability
WordPress Pretty Link Plugin XSS Vulnerability
WordPress RokNewsPager Plugin XSS
WordPress Token Manager Plugin Tid Parameter XSS Vulnerability
WordPress Traffic Analyzer Plugin aoid Parameter XSS Vulnerability
WordPress Video Lead Form Plugin ErrMsg Parameter XSS Vulnerability
WordPress WP Socializer Val Parameter XSS Vulnerability
XAViX7968 HostNameTxtbox Parameter XSS Vulnerability
XAViX7968 PvcName Parameter XSS Vulnerability
XSS in Cisco ACS Server
Zyxware Health Monitoring System Reflected XSS Vulnerability

FORTINET

HTTP.URI.Script.XSS
12Planet.ChatServer.XSS
1two.Livre.d.guestbook.php.XSS
Aardvark.Topsites.PHP.XSS.Vulnerability
Absolute.Image.Gallery.XE.XSS
ACART.admin.error.asp.msg.variable.XSS
ACART.admin.index.asp.msg.variable.XSS
ACART.category.asp.XSS.authentication.bypass
ACART.deliver.asp.msg.variable.XSS
ACART.error.asp.msg.Variable.XSS
Actinic.E-Commerce.Services.bb000001.pl.XSS.Vulnerability
Actinic.E-Commerce.Services.ca000001.pl.hop.Variable.XSS
Actinic.E-Commerce.Services.ca000007.pl.REFPAGE.Variable.XSS
Adalis.D-Forum.Nav.PHP3.XSS
Adiscon.LogAnalyzer.index.php.Parameter.XSS.Vulnerability
Aditus.Consulting.JpGraph.Multiple.XSS.Vulnerabilities
Aditus.Consulting.JpGraph.MultipleXSS.Vulnerabilities
Adobe.Acrobat.Plugin.XSS
Adobe.ColdFusion.cfadminUserId.XSS.Vulnerability.APSB10-11
Adobe.ColdFusion.logintowizard.cfm.XSS
Adobe.ColdFusion.Multiple.XSS.Vulnerabilities.APSB09-12
Adobe.ColdFusion.probe.cfm.XSS
Adobe.ColdFusion.Scheduleedit.Cfm.XSS.Authentication.Bypass
Adobe.ColdFusion.Searchlog.XSS
Adobe.Flash.Player.ActiveX.iframe.XSS
Adobe.Flash.Player.Asfunction.Protocol.XSS
Adobe.Flash.Player.ExternalInterface.XSS
Adobe.Flash.Player.PCRE.XSS
Adobe.Flash.Player.Unescaped.JS.String.XSS
Adobe.Flash.Player.Unescaped.String.XSS
Adobe.Flash.Player.XSS
Adobe.Flex.History.Management.XSS
Adobe.Reader.Input.validation.XSS
ADODB.Tmssql.php.XSS
AdPeeps.XSS.and.HTML.Injection.Vulnerabilities
Advantech.WebAccess.gUpdate.asp.XSS
Advantech.WebAccess.HMI.SCADA.Software.XSS
Aestiva.HTML.OS.error.message.XSS
Aestiva.HTML.OS.XSS
AfterLogic.WebMail.Pro.Multiple.XSS
Aktivate.Shopping.System.catgy.cgi.desc.Variable.XSS
Alan.Ward.A-Cart.MSG.XSS.Vulnerability
Annuaire.1Two.XSS
Apache.1.3.HTTP.Server.Expect.Header.XSS
Apache.ActiveMQ.XSS
Apache.Archiva.Multiple.Cross-Site.Request.Forgery.and.XSS.Vuln
Apache.DoS.And.XSS.Attack
Apache.Expect.Header.XSS
Apache.Geronimo.XSS
Apache.Hadoop.Jetty.XSS
Apache.HTML.Injection.And.UTF7.XSS
Apache.HTTP.Server.413.Error.HTTP.Request.Method.XSS
Apache.HTTP.Server.Error.Page.Host.XSS
Apache.HTTP.Server.Error.Pages.XSS
Apache.httpd.mod_imap.module.XSS
Apache.Jakarta.Results.JSP.XSS
Apache.Mod.Perl.Status.XSS
Apache.Mod.Proxy.Ftp.Undefined.Charset.UTF7.XSS
Apache.Mod.Proxy.Ftp.Wildcard.Characters.XSS
Apache.Mod.Status.Status.Pages.XSS
Apache.MOD_IMAGEIMAP.Module.XSS
Apache.mod_negotiation.Filename.Handling.XSS
Apache.mod_ssl.Wildcard.DNS.XSS
Apache.MyFaces.Tomahawk.JSF.Framework.XSS
Apache.OFBiz.Webslinger.Component.XSS
Apache.printenv.XSS
Apache.Struts.cookbook.processSimple.do.Multiple.XSS.Vuln
Apache.Struts.Error.Response.XSS
Apache.Struts.struts-examples.upload-submit.do.Multiple.XSS
Apache.Struts.struts2-showcase.edit-person.action.XSS.Vuln
Apache.Struts.XSS
Apache.Tomcat.3.0.to.3.2.1.XSS
Apache.Tomcat.4.1.XSS
Apache.Tomcat.4.and.5.Multiple.XSS
Apache.Tomcat.4.Sendmailer.Servlet.Web.Application.XSS
Apache.Tomcat.5.implicit-objects.jsp.XSS
Apache.Tomcat.Cal2.JSP.XSS
Apache.Tomcat.Calendar.Application.XSS
Apache.Tomcat.DOS.Device.Name.XSS
Apache.Tomcat.Example.XSS
Apache.Tomcat.Host.Manager.XSS
Apache.Tomcat.HTML.Manager.Interface.XSS
Apache.Tomcat.Jsp.Examples.XSS
Apache.Tomcat.Manager.XSS
Apple.CUPS.Web.Interface.URL.Handling.XSS
Apple.QuickTime.Darwin.Streaming.Server.Parse_XML.CGI.XSS
Apple.Safari.Feed.URI.Input.Validation.XSS
Apple.Safari.Parent.Top.Property.XSS
applications:Fusebox.Index.CFM.XSS
Arbor.Networks.Peakflow.SP.index.XSS
AskSam.Web.Publisher.As_web4.XSS
ASP.Net.Unicode.Conversion.XSS
ASP.Portal.XSS
ASP.topics.asp.CATIT.Parameter.XSS
Asterisk.Recording.Interface.XSS
Asus.Routers.Reflected.XSS.and.Authentication.Bypass.Vuln
Atlassian.Confluence.Error.Page.XSS
Atlassian.Confluence.Prior.to.3.4.8.Multiple.XSS
Atlassian.JIRA.c0-id.Parameter.XSS
Atlassian.JIRA.Multiple.XSS.Vulnerabilities..2007.12.24
Atlassian.JIRA.ViewProfile.Page.XSS.Vulnerability.2008.10.29
Atlassian.JIRA.XSS.HTTP.Header.Injection.Vulns.2009.04.02
Atlassian.JIRA.XSS.Vulnerability.in.Issue.Actions.2008.02.21
AtMail.WebMail.Email.Body.HTML.Injection.and.Multiple.XSS.Vuln
Atmail.XSS.Vulnerability
AutoInde.search.parameter.XSS
AWStats.awstats.pl.URL.Handling.XSS
AXIGEN.Mail.Server.XSS
Axon.Virtual.PBX.logon.Multiple.Parameter.XSS.Vulnerabilities
Aztek.Forum.forum_2.php.XSS
Bandmin.1.4.XSS
BASE.base_local_rules.php.dir.Parameter.XSS
Basit.CMS.XSS
BEA.WebLogic.InteractiveQuery.jsp.XSS
BEA.WebLogic.Server.Express.XSS
BEA.Weblogic.XSS
BitDefender.Internet.Security.2009.File.Name.XSS
BlackBoard.5.login.pl.url.Parameter.XSS
BLOB.Blog.System.bpost.php.XSS.Vulnerability
Blog.Torrent.BTDownload.PHP.XSS
BMC.Remedy.Knowledge.Management.Multiple.XSS
BNET.Software.HTML.XSS
BreakCalendar.XSS
BreakCalendar.XSS.Flaw
Bugzilla.Multiple.XSS.and.Information.Disclosure.Vuln
Bugzilla.Multiple.XSS.Vulnerabilities
Bugzilla.XSS.and.CRLF.Multiple.Vulnerabilities
Bugzilla.XSS.And.Insecure.Temporary.Filenames
BuildBot.Web.Status.XSS.Vulnerability
Cacti.0.8.7e.Multiple.XSS.and.Arbitrary.Command.Execution
Cacti.Prior.to.0.8.7g.Multiple.XSS.Vulnerabilities
CactuShop.XSS.SQL.Injection.Vulns
Cart32.GetLatestBuilds.XSS
Caucho.Resin.Data.Handling.XSS
Caucho.Resin.Multiple.HTML.Injection.and.XSS
cc_guestbook.pl.XSS
CGI.Ceilidh.XSS
CGI.Happymall.ECommerce.NormalHTML.cgi.XSS
CGI.Referer.XSS
CGIEmail.1.4.Cgisco.query.Variable.XSS.Vulnerability
CGIEmail.1.6.Cgisco.query.Variable.XSS.Vulnerability
CGIWrap.cgiwrap.XSS
Chance.i.DiViS.Web.DVR.System.XSS
Check.Point.VPN1.UTM.Edge.Login.Page.XSS
Cherokee.Error.Page.XSS
Chimara.Web.Portal.Mutiple.Inputs.XSS
Chimera.Web.Portal.Multiple.Inputs.XSS
Chipmunk.Guestbook.AddEntry.PHP.XSS
Cisco.ACS.UCP.CSuserCGI.XSS
Cisco.Collaboration.Server.LoginPage.jhtml.XSS.Vulnerability
Cisco.Common.Services.Devices.Center.XSS
Cisco.EPC3925.Goform.Quick.Setup.XSS
Cisco.Secure.ACS.LoginProxy.CGI.XSS
Cisco.Subscriber.Edge.Services.Manager.XSS.And.HTML.Injection
Cisco.Unified.Operations.Manager.Multiple.XSS
Cisco.Unified.Operations.Manager.XSS
Cisco.Unity.Express.XSS
Cisco.Wireless.Lan.Controller.XSS
Citrix.MetaFrame.XP.XSS.Vulnerability
Citrix.NFuse.launch.asp.NFuse_Application.Variable.XSS.Vuln
Citrix.NFuse.launch.jsp.NFuse_Application.Variable.XSS.Vuln
Citrix.NFuse.XSS.Vulnerability
CjOverkill.trade.php.XSS
ClanSphere.text.Parameter.XSS.Vulnerability
ClarkConnect.proxy.php.XSS
Claroline.add_course.XSS
ClearTrust.XSS
Clixint.DPI.Image.Hosting.Script.XSS.Vulnerability
CMS.Made.Simple.editprefs.php.XSS.Vulnerability
CodeMeter.WebAdmin.licenses.html.XSS.Vulnerability
collector.ch.myGesuad.Multiple.SQL.Injection.and.XSS
Comersus.Cart.XSS
Coppermine.Photo.Gallery.css.Parameter.XSS
Coppermine.Photo.Gallery.Multiple.XSS.Vulnerabilities
Coppermine.Photo.Gallery.XSS
COWS.CGI.Online.Worldweb.Shopping.Diagnose.CGI.XSS
Cpanel.Multiple.Script.XSS
CubeCart.multiple.PHP.files.XSS
CuteNews.index.php.XSS
CuteNews.show_news.php.XSS
Cyphor.footer.php.XSS
D-Link.DIR-300.tools_admin.php.XSS
D-Link.MDIR-645.Multiple.XSS
daloRADIUS.login.php.error.Parameter.XSS
database:Oracle.Reports.10g.test.jsp.XSS
Datenbank.Module.For.PHPBB.XSS
DCP-Portal.calendar.php.year.variable.XSS
Default.Monkey.Server.test2.pl.Unspecified.Variable.XSS.Vuln
Dell.OpenManage.Server.Administator.XSS.Vulnerability
DevoyBB.XSS.SQL.Injection.Vulns
DHCP.Discover.Hostname.XSS
DLink.DSL.redpass.cgi.XSS
DNS4Me.XSS
Dokeos.add_course.XSS
DotNetNuke.Prior.to.5.2.SearchResults.aspx.Search.parameter.XSS
DotNetNuke.Prior.to.5.3.SearchResults.aspx.Search.parameter.XSS
Drake.CMS.UI.DTA.PHP.XSS
Drupal.Forum.XSS
Drupal.Multiple.XSS.and.Access.Bypass.Vulns.SA-CORE-2013-001
DVBBS.7.1.XSS
DVBBS.showerr.asp.XSS
Eclipse.IDE.Help.Component.XSS
eFront.Multiple.Parameters.XSS.And.SQL.Injection
eGroupWare.XSS.Vulnerability
Ektron.CMS400.NET.id.Parameter.XSS
Ektron.CMS400.NET.reterror.aspx.XSS.Vulnerability
Email.Attachment.MIME.JPG.XSS
Escapade.Scripting.Engine.PAGE.Variable.XSS.Vulnerability
Expinion.Net.Member.Management.System.XSS.Vulnerability
Expinion.Net.MMS.Error.asp.XSS
Expinion.Net.MMS.XSS
eZ.Publish.ezjscore.Module.XSS
eZ.Publish.index.php.XSS.Vulnerability
ezPublish.2.27.Search.Parameter.XSS.Vulnerability
F-Secure.Policy.Manager.WebReporting.Multiple.XSS.Vuln
Faq-O-Matic.fom.cgi.cmd.XSS
Faq-O-Matic.fom.cgi.file.Vulnerablity.to.XSS
Faq-O-Matic.XSS
FastCGI.echo.exe.XSS.Vulnerability
FastCGI.echo.XSS.Vulnerability
FastCGI.echo2.exe.XSS.Vulnerability
FastCGI.echo2.XSS.Vulnerability
FastCGI.Samples.XSS
FeedList.Plugin.for.WordPress.Parameter.XSS
FireStats.WordPress.Plugin.Multiple.XSS.Authentication.Bypass
FlashCard.ID.Parameter.XSS
FlatNuke.help.php.or.footer.php.XSS
FlatNuke.index.php.XSS
Fork.CMS.XSS.and.Local.File.Inclusion.Vulnerabilities
Foro.Domus.Escribir.PHP.XSS
Fortigate.Firewall.dlg.Admin.Interface.XSS
Fortigate.Firewall.policy.Admin.Interface.XSS
Forum.Livre.Busca2.ASP.Palavra.XSS
FreePBX.Callmenum.Remote.Code.Execution.And.XSS
Fusebox.Index.CFM.XSS
FuseTalk.tombstone.cfm.ProfileID.XSS
Gallery.search.php.searchstring.Variable.XSS.Vulnerability
Gallery.XSS.Vulnerability
GeekLog.1.3.7.profiles.php.uid.variable.XSS.vulnerability
GeekLog.Comment.php.CID.Variable.XSS.Vulnerability
Generic.Referer.XSS.Attempt
Genium.CMS.Galerie.XSS
GForge.account.verify.php.confirm_hash.Parameter.XSS
GForge.help.tracker.php.helpname.Parameter.XSS
GlassFish.Enterprise.Server.Multiple.XSS.Vulns
GoAhead.WebServer.XSS
Google.Chrome.XSSAuditor.Filter.Security.Bypass
Goollery.XSS.Viewpic
GPhotos.affich.php.image.Parameter.XSS
GPhotos.diapo.php.rep.Parameter.XSS
Hastymail2.Background.CSS.Attribute.XSS.Vulnerability
HNS.title.cgi.XSS.Vulnerability
Horde.App.Framework.icon_browser.php.XSS.Vuln
Horde.Groupware.Webmail.Edition.Ingo.Filter.Post.Request.XSS
Horde.IMP.Multiple.XSS
Horde.IMP.XSS.Vulnerability
Horde.php.subdir.Parameter.XSS
HP.Insight.Diagnostics.XSS
HP.Network.Node.Manager.I.Multiple.XSS
HP.OpenView.Performance.Insight.XSS.Vulnerability
HP.Power.Manager.CSRF.And.XSS.Vulnerabilities
HP.SMH.Remote.XSS.Vulnerability
HP.System.Management.Homepage.XSS
htDig.htsearch.XSS
HTTP.Accept-Language.Header.XSS
HTTP.Malformed.Request.XSS
HTTP.Referer.Header.XSS
HTTP.Request.UserAgent.XSS
HTTP.URI.Script.XSS
HTTP.URI.XSS
IBM.Directory.Server.ldacgi.exe.XSS.Vulnerability
IBM.Lotus.Connections.Name.XSS
IBM.Lotus.Domino.HTTP.Response.Splitting.and.XSS.Vulns
IBM.Lotus.Domino.XSS
IBM.Lotus.Notes.XSS
IBM.Lotus.Sametime.Client.Potential.XSS
IBM.Lotus.Sametime.Server.Multiple.XSS.Vulnerabilities
IBM.Notes.Bypass.Restrictions.and.XSS.Vulnerabilities
IBM.Rational.Clearcase.Pathinfo.XSS
IBM.Tivoli.Directory.Server.XSS.Vulnerability
IBM.Tivoli.Endpoint.Manager.Web.Reports.ScheduleParam.XSS
IBM.Tivoli.Monitoring.Eclipse.Help.Server.XSS
IBM.WAS.Administration.Console.XSS.Vulnerability
IBM.Web.Traffic.Express.Caching.Proxy.HTTP.GET.Request.XSS
IBM.WebSphere.App.Server.Admin.Console.XSS.and.mod_ibm_ssl
IBM.Websphere.Application.Server.Webcontainer.XSS
IBM.WebSphere.Application.Server.XSS
iBoutique.page.Parameter.SQL.Injection.and.XSS.Vulnerabilities
IceWarp.Mail.Server.XSS.Vulns
IceWarp.Webmail.addressaction.html.XSS.vulnerability
IceWarp.XSS
IdeoContent.Manager.XSS
IIS5.Sample.App.XSS.Attack
IMP.Content-Type.XSS
Inktomi.Traffic.Server.XSS
InShop.InMail.XSS.Vulns
InterWoven.WorkDocs.XSS
Invision.Power.Board.BBCode.XSS.Vulnerability
Invision.Power.Board.Referer.XSS
Invision.Power.Board.SML.XSS
Invision.Power.Board.XSS
JelSoft.VBulletin.search.php.XSS
Jetty.JSP.Servlet.Engine.XSS.Vulnerability
Jetty.Persistent.XSS.in.Sample.Cookies.Application
JEUS.Web.Server.Input.Validation.Flaw.Permits.Remote.XSS
Jive.Openfire.User.Properties.XSS
Joomla!.JA_Purity.Template.XSS.Vulnerability
Joomla!.Komento.Component.Multiple.XSS.Vuln
Joomla!.Youtube.Gallery.Component.videofile.XSS.Vuln
Joomla.Currency.Converter.Module.XSS.Vulnerability
Joomla.Lyftenbloggie.XSS.Vulnerability
Joomla.Multiple.XSS.and.Information.Disclosure.Vulns
Joomla.Prior.to.1.6.4.Multiple.XSS
Joomla.URI.Index.php.XSS
JServ.Non-existent.JSP.File.XSS.Vulnerability
JServ.non-existent.jsp.XSS
JShop.E-Commerce.xSearch.XSS
Juniper.Networks.JUNOS.JWeb.Multiple.XSS.And.HTML.Injection
Kayako.ESupport.XSS.SQL.Injection.Vulns
Kayako.SupportSuite.Ticket.Subject.XSS.Vulnerability
KDE.Konqueror.KHTML.Library.Title.XSS
Keene.Digital.Media.Server.XSS
Kerio.MailServer.Buffer.Overflow.XSS.Vulns
Keyfax.Customer.Response.Management.Multiple.XSS
Kingsoft.Webshield.XSS
Led-Forums.Index.php.Topmessage.Variable.XSS.Vulnerability
LedForums.Forums.Index.php.Top_message.Variable.XSS
Link.Bank.Site.XSS
Linksys.WVC54GCA.Wireless-g.XSS
LiteSpeed.ConfMgr.PHP.M.XSS
Lotus.Domino.Server.XSS.Vulnerability
Lycos.htmlGEAR.Guestbook.XSS
Macromedia.ColdFusion.Missing.Template.XSS.Vulnerability
Macromedia.JRun.JMC.Interface.clusterframe.jsp.XSS.Attack
Macromedia.Sitespring.500error.jsp.et.Variable.XSS.Vuln
Mail.showmail.pl.folder.Variable.XSS.Vulnerability
MailEnable.Webmail.XSS
MailEnable.Webmail.XSS.Vulnerability
Mailman.listinfo.XSS.Vulnerability
Mailman.ml-name.Feature.Multiple.Variable.XSS
Mailman.Prior.to.2.1.14.Multiple.XSS..Vulnerabilities
Mailtraq.Browse.ASP.XSS
MakeBid.Auction.Deluxe.XSS
Mambo.administrator/upload.php.choice.XSS
Mambo.emailarticle.php.id.XSS
Mambo.emailfaq.php.id.Variable.XSS
Mambo.emailnews.php.id.Variable.XSS
Mambo.mambosimple.php.sitename.Variable.XSS
Mambo.Site.Server.gallery.php.XSS.Vulnerability
Mambo.Site.Server.navigation.php.XSS.Vulnerability
Mambo.Site.Server.upload.php.XSS.vulnerability
Mambo.Site.Server.uploadimage.php.XSS.Vulnerability
Mambo.Site.Server.view.php.Path.Variable.XSS.Vulnerability
ManageEngine.ADAudit.Plus.reportList.Param.XSS
ManageEngine.ADManager.Plus.computerName.Param.XSS
ManageEngine.ADManager.Plus.Multiple.XSS.Vulnerabilities
ManageEngine.ADSelfService.Plus.SearchString.XSS
ManageEngine.App.Manager.Multiple.XSS.and.SQL.Injection.Vuln
ManageEngine.ServiceDesk.Plus.SolutionSearch.do.XSS.Vuln
Mantis.Multiple.Unspecified.XSS
Mantis.Multiple.XSS.and.SQL.Injection
Mantis.view.all.set.php.XSS
MantisBT.Multiple.Local.File.Include.andXSS.Vulns
MantisBT.NuSOAP.XSS.Vulnerability
MantisBT.Prior.to.1.2.3.Multiple.XSS.Vulnerabilities
MantisBT.Prior.to.1.2.7.Multiple.XSS.Vulnerabilities
MantisBT.XSS.And.SQL.Injection
Max.Web.Portal.search.asp.Search.Variable.XSS
McAfee.ePolicy.Orchestrator.XSS.Vuln.KB78824
McAfee.WebShield.UI.dashboard.XSS.Vulnerability
McAfee.WebShield.UI.ProcessTextFile.XSS.Vulnerability
MDaemon.WorldClient.Prior.to.12.5.7.Multiple.XSS.Vuln
MediaWiki.AJAX.Index.PHP.XSS
MediaWiki.Backslash.Escaped.CSS.Comments.XSS
MediaWiki.CSS.Comments.XSS
MediaWiki.Parser.Script.Insertion.XSS
Mediawiki.SVG.XSS.and.Password.Reset.Vuln
MediaWiki.uselang.Parameter.XSS
MediaWiki.XSS.Vulnerability
MegaBook.admin.cgi.login.name.XSS.Vulnerability
MercuryBoard.f.Parameter.XSS
MercuryBoard.Index.Php.XSS
Mewsoft.NetAuction.auction.cgi.Term.Variable.XSS
MHonArc.SMTP.XSS
Microsoft.IIS.Redirect.Response.XSS.Vuln
Microsoft.Internet.Explorer.XSS.Filter.SCRIPT.Tag.XSS.Vuln
Microsoft.SharePoint.Services.Help.Page.cid0.Parameter.XSS
Microsoft.SharePoint.Upload.aspx.XSS.Vulnerability
Microsoft.Site.Server.Default.asp.XSS
Microsoft.Site.Server.formslogin.asp.url.Parameter.XSS
Mini.Web.Shop.Viewcategory.PHP.XSS
MiniBB.XSS.Vuln
MIT.Cgiemail.Cgicso.Query.Variable.XSS.Vulnerability
MODx.Evolution.CMS.SearchHighlight.Plugin.XSS.Vulnerability
MODx.Revolution.CMS.modahsh.Parameter.XSS.Vulnerability
MoniWiki.Wiki.PHP.XSS
Monkey.HTTP.Daemon.Sample.Script.XSS
Moodle.XSS
Mozilla.Browser.Zombie.Document.XSS
Mozilla.Browsers.CSS.Moz-binding.XSS
Mozilla.Firefox.IFRAME.XSS
Mozilla.Firefox.Javascript.BOM.Characters.XSS
Mozilla.Firefox.Javascript.Html.Escaped.Surrogates.XSS
Mozilla.Firefox.Locationbar.XSS
MoziloCMS.Local.File.Include.and.XSS
MS.Anti.XSS.Library.Bypass.Information.Disclosure
MS.AntiXSS.Lib.Info.Disclosure
MS.ASP.DotNET.XSS
MS.ASP.NET.Framework.XSS
MS.ASP.NET.XSS
MS.ASP.NET.XSS.B
MS.Dynamics.AX.Enterprise.Portal.XSS
MS.Exchange.OWA.From.XSS
MS.Exchange.OWA.HTML.Parse.XSS
MS.Exchange.OWA.XSS.Spoofing
MS.Exchange.Server.5.5.Outlook.Web.Access.XSS
MS.Exchange.Server.Outlook.Web.Access.XSS
MS.Forefront.UAG.Mobile.Portal.Website.XSS
MS.Forefront.UAG.Server.default.asp.XSS
MS.Forefront.UAG.Server.tableData.XSS
MS.Forefront.UAG.Server.XSS
MS.Forefront.UAG.Signurl.XSS
MS.Forefront.UAG.XSS
MS.Frontpage.Server.Extension.fpadmdll.dll.XSS
MS.IE.CSS.expression.Property.XSS
MS.IE.EUC.JP.Character.Encoding.Universal.XSS
MS.IE.FTP.Web.View.XSS
MS.IE.Malformed.Image.XSS
MS.IE.NavCancel.HTM.XSS
MS.IE.NavCancel.XSS
MS.IE.SharePoint.toStaticHTML.XSS
MS.IE.toStaticHTML.Function.XSS
MS.IE.TOSTATICHTML.HTML.Sanitization.XSS
MS.IE.Windows.MHTML.XSS
MS.IE.XSS.Filter.Information.Disclosure
MS.IE7.navcancl.htm.XSS
MS.IIS.Help.File.Search.XSS
MS.IIS.HTTP.Error.Page.XSS
MS.IIS.IDC.Extension.XSS
MS.IIS.IndexServer.Htw.XSS
MS.IIS.Redirection.Error.Page.XSS
MS.Indexing.Service.IIS.XSS
MS.ISA.Server.Forefront.TMG.Cookieauth.Dll.XSS
MS.Lync.Meeting.URL.XSS
MS.Mulitple.Server.CSS.Expressions.XSS
MS.Office.CDO.XSS
MS.Outlook.Web.Access.XSS
MS.Remote.Desktop.Web.Access.XSS
MS.Remote.Desktop.Web.Access.XSS.Vuln.MS11-061
MS.Report.Viewer.TimeMethod.XSS
MS.SCCM.XSS
MS.SCOM.Web.Console.XSS
MS.SharePoint.Calendar.CalendarData.XSS
MS.SharePoint.EditForm.TEXTFIELD.SPSAVE.XSS
MS.SharePoint.inplview.aspx.XSS
MS.SharePoint.Query.Iqy.XSS
MS.SharePoint.Reflected.List.Parameter.XSS
MS.SharePoint.Server.Filter.Aspx.XSS
MS.SharePoint.Server.Help.aspx.XSS
MS.SharePoint.Server.Lists.XSS
MS.Sharepoint.Server.PlaceHolderDialogBodySection.XSS
MS.SharePoint.Server.Remote.XSS
MS.SharePoint.Server.scriptresx.ashx.XSS
MS.SharePoint.Server.XSS
MS.SharePoint.themeweb.aspx.XSS
MS.SharePoint.Username.XSS
MS.SharePoint.Web.Analytics.XSS
MS.SharePoint.Wiki.Page.HTTP.Post.Request.XSS
MS.SharePoint.wizardlist.aspx.XSS
MS.SharePoint.Wizardlist.XSS
MS.SharePoint.XSS
MS.SQL.Injection.Table.XSS
MS.SqlServer.Reporting.Services.XSS
MS.Visual.Studio.Team.Server.Foundation.Multiple.XSS
MS.Windows.AD.Certificate.Service.XSS
MS.Windows.Management.Console.XSS
MS.Windows.MHTML.XSS
MS.Windows.MHTML.XSS.Attempt
MS.Windows.Remote.Desktop.Web.Access.XSS
MS.Windows.SharePoint.Services.and.SharePoint.Team.Services.XSS
MS.Windows.System.Center.Operations.Manager.Web.Console.XSS
My.Little.Forum.XSS
MyBB.Prior.to.1.6.1.Multiple.XSS.Vulnerabilities
MyBulletinBoard.XSS.and.SQL.Injection
MyBulletinBorad.1.0.0.XSS
myGuestBook.CGI.myguestbook.cgi.XSS
MySQL.Eventum.bugs.forgotpassword.php.email.variable.XSS
MySQL.Eventum.forgotpassword.php.email.Variable.XSS
MyWebServer.1.0.2.XSS.Vuln
MyWebServer.Long.URL.Error.Page.XSS
Nagios.XI.Alert.Cloud.XSS
Nagios.XI.Multiple.HTTP.XSS
NagiosQL.TxtSearch.Parameter.XSS
Namazu.namazu.cgi..multiple.XSS.Vulns
Naxtor.Edirectory.Message.ASP.XSS
Neoteris.IVE.XSS
Nessus.Web.Server.XSS.Vulnerability
NetGear.FVS318.Filter.Log.XSS
Network.Query.Tool.XSS
NetworkActiv.Web.Server.XSS
Nokia.Electronic.Documentation.XSS
Novell.GroupWise.Prior.7.03HP2.8.0HP1.WebAccess.Multi.XSS
Novell.GroupWise.WebAccess.Login.User.lang.Param.XSS
Novell.QuickFinder.Server.XSS
Nuke.Bookmarks.XSS
Nuked-Klan.Multiple.XSS.Vulns
Ocean12.Guestbook.XSS
ocPortal.Arbitrary.File.Disclosure.and.XSS.Vulnerabilities
OmniHTTPD.redir.exe.CGI.parameter.XSS
OmniHTTPd.test.php.Sample.Application.XSS
OmniHTTPd.test.shtml.Sample.Application.XSS
OneCMS.index.php.XSS.Vulnerability
Open.WebMail.Logindomain.Parameter.XSS.Vuln
OpenAdmin.Tool.for.Informix.informixserver.Parameter.XSS
OpenBB.board.php.XSS
OpenBB.member.php.XSS
OpenWebMail.Content-Type.XSS
Opera.Command.Execution.and.XSS.Vulnerability
Opera.Web.Browser.HTML.Injection.and.XSS
Oracle.Application.Server.Bpel.XSS
Oracle.Application.Server.Portal.XSS
Oracle.BEA.Weblogic.Linked.XSS
Oracle.BEA.Weblogic.Server.Console-help.Portal.XSS
Oracle.BPM.Process.Administrator.tips.jsp.XSS.Vulnerability
Oracle.Business.Intelligence.Enterprise.Edition.XSS
Oracle.GlassFish.Server.Malformed.Username.XSS
Oracle.GlassFish.Server.XSS
Oracle.HTTP.Server.Isqlplus.XSS
Oracle.HTTP.Server.XSS
Oracle.OpenSSO.XSS.POST.Injection
Oracle.Portal.JSP.tc.Parameter.Handling.XSS
Oracle.Reports.10g.test.jsp.XSS
Oracle.Reports.Server.XSS
Oracle.Reports.Web.Cartridge.RWCGI60.XSS
Oracle.Secure.Backup.Administration.Server.login.php.XSS
Oracle.Secure.Enterprise.Search.Linked.XSS
Oracle.Secure.Enterprise.Search.XSS
Oracle.WebCenter.Content.Component.XSS.Vulnerability
Oracle.Workflow.WfMonitor.XSS
Oracle.Workflow.Wfroute.XSS
Oracle9iAS.iSQLplus.XSS
Oracle9iAS.mod_plsql.XSS
osCommerce.default.php.error_message.XSS.Vulnerability
osCommerce.default.php.info_message.XSS.Vulnerability
OTRS.Prior.to.3.0.7.Multiple.XSS.Vulnerabilities
Owl.Intranet.Engine.XSS.SQL.Injection.Vulns
P2P.Server.Xedus.XSS
Palo.Alto.Firewall.Role.XSS
PeopleSoft.JMS.Listening.Connector.Activity.Param.XSS
Perception.LiteServe.Directory.Index.XSS
Phorum.Search.Script.XSS
PhotoADay.Pad_selected.Parameter.XSS
PhotoPost.PHP.Pro.XSS
PHP-Fusion.Homepage.Address.XSS
PHP-Nuke.comments.php.subject.Variable.XSS.Vulnerability
PHP-Nuke.download.php.dcategory.Variable.XSS.Vulnerability
PHP-Nuke.friend.php.fname.Variable.XSS.Vulnerability
PHP-Nuke.Viewpage.php.XSS.Vuln
PHP-Nuke.Your_Account.avatarcategory.XSS
PHP.CMS.Made.Simple.Index.php.XSS
PHP.CSS.Parameter.Remote.XSS
PHP.CSS.Parameter.XSS
PHP.FlatNuke.XSS
PHP.Guppy.XSS
PHP.index.php.SEARCH.Parameter.XSS
PHP.Index.php.Shard.Parameter.XSS
PHP.Invision.Power.Board.Multiple.XSS
PHP.phpinfo.3.Multiple.Method.User.Supplied.Array.XSS
PHP.phpinfo.Multiple.Method.User.Supplied.Array.XSS
PHP.PHPWCMS.XSS
PHP.PostNuke.TTitle.XSS
PHP.preview.php.FILE.Parameter.XSS
php.Reactor.Comments.Section.browse.php.go.Variable.XSS.Vuln
php.Reactor.Forums.Section.browse.php.go.Variable.XSS.Vuln
PHP.Riverdark.rss.php.XSS
PHP.upload.php.PATH.Parameter.XSS
PHP.WHM.AutoPilot.XSS
PHP.XSS.magic_quotes.vulnerabilities
PHP.Zeroboard.XSS
PhpAdsNew.configuration.file.XSS
phPay.search.php.lookfor.variable.XSS
phpBB.viewtopic.php.highlight.variable.XSS
phpBB.viewtopic.php.topic_id.variable.XSS
phpBook.guestbook.php.XSS
PHPCMS.parser.php.XSS
phpCMS.Parser.XSS
phpCommunityCalendar.XSS
Phpgroupware.Addressbook.Index.php.Name.Variable.XSS.Vuln
Phpgroupware.index.php.Surname.Variable.XSS.Vulnerability
PhpGroupWare.XSS.and.SQL.Injection.Issues
PHPImageView.phpimageview.php.pic.variable.XSS
PHPKIT.include.php.contact_email.Variable.XSS.Vulnerability
PhpMyAdmin.Convcharset.XSS
PHPMyAdmin.Error.php.XSS
PHPMyAdmin.Multiple.Libraries.And.Themes.Remote.XSS
phpMyAdmin.Multiple.XSS.Vulnerabilities.PMASA-2011-13
phpMyAdmin.Multiple.XSS.Vulnerabilities.PMASA-2011-18
phpMyAdmin.Multiple.XSS.Vulnerabilities.PMASA-2011-19/20
phpMyAdmin.Multiple.XSS.Vulnerabilities.PMASA-2012-4
phpMyAdmin.Prior.to.3.5.3.Multiple.XSS
phpMyAdmin.read_dump.php.XSS
phpMyAdmin.setup.php.Verbose.Server.Name.XSS.Vulnerability
PHPMyAdmin.XSS
PhpNuke.user.php.XSS.vulnerability
phpPgAdmin.Prior.5.0.3.Multiple.XSS.Vulnerabilities
PHPRaid.View.PHP.XSS
PHProxy.Error.Parameter.XSS
PHPSiteSearch.XSS
phpWebSite.0.8.3.article.php.sid.Variable.XSS.Vulnerability
phpWebSite.fatcat.Module.fatcat_id.Parameter.XSS
phpWebSite.Pagemaster.Module.PAGE_id.Parameter.XSS
phpWebSite.Search.Module.PDA_limit.Parameter.XSS
Pinnacle.Systems.ShowCenter.SettingsBase.PHP.XSS
Pivot.Multiple.XSS.HTML.Injection
PivotX.Prior.to.2.2.2.Multiple.XSS.Vulnerabilities
Piwigo.Photo.Gallery.Project.LocalFiles.Editor.Plugin.XSS
PmWiki.Search.XSS
PostNuke.index.php.catid.Variable.XSS.Vulnerability
PostNuke.user.php.img.src.Variable.XSS
Powie.PForum.Username.XSS
Project.Woodstock.UTF-7.404.Page.XSS
PsychoStats.Login.XSS
PunBB.IMG.Tag.Client.Side.Scripting.XSS
PunBB.Install.PHP.XSS
PunBB.Profile.PHP.XSS
PunBB.URL.Quote.Tag.XSS
Quick.Post.Widget.Plugin.XSS
raSMP.Index.PHP.User.Agent.XSS
Red.Hat.Apache.HTTP.Server.Multiple.XSS
Red.Hat.GNU.Mailman.Subscribe.XSS
ReviewPost.PHP.Pro.2.84.XSS
Revize.CMS.HTTPTranslatorServlet.XSS
Ricoh.Web.Image.Monitor.XSS
Rockliffe.MailSite.HTTP.Mail.Management.XSS
Ruby.on.Rails.Multiple.XSS.Vulns
RWAuction.Pro.Search.ASP.XSS
S9Y.Serendipity.Remote.XSS
Sage.CMS.mod.Variable.XSS.Vulnerability
Sambar.Server.create.stm.path.Variable.XSS
Sambar.Server.edit.stm.name.Variable.XSS
Sambar.Server.edit.stm.path.Variable.XSS
Sambar.Server.environ.pl.param1.Variable.XSS
Sambar.Server.findata.stm.host.Variable.XSS
Sambar.Server.findata.stm.user.Variable.XSS
Sambar.Server.ftp.stm.path.Variable.XSS
Sambar.Server.htaccess.stm.path.Variable.XSS
Sambar.Server.iecreate.stm.path.Variable.XSS
Sambar.Server.ieedit.stm.name.Variable.XSS
Sambar.Server.ieedit.stm.path.Variable.XSS
Sambar.Server.index.stm.wwwsite.Variable.XSS
Sambar.Server.info.stm.name.Variable.XSS
Sambar.Server.info.stm.path.Variable.XSS
Sambar.Server.ipdata.stm.ipaddr.Variable.XSS
Sambar.Server.mkdir.stm.path.Variable.XSS
Sambar.Server.Multiple.XSS
Sambar.Server.rename.stm.name.Variable.XSS
Sambar.Server.rename.stm.path.Variable.XSS
Sambar.Server.search.dll.query.Variable.XSS.Vulnerability
Sambar.Server.search.stm.path.Variable.XSS
Sambar.Server.search.stm.query.Variable.XSS
Sambar.Server.sendmail.stm.name.Variable.XSS
Sambar.Server.sendmail.stm.path.Variable.XSS
Sambar.Server.showfnc.stm.pkg.Variable.XSS
Sambar.Server.showfncs.stm.pkg.Variable.XSS
Sambar.Server.showfunc.stm.func.Variable.XSS
Sambar.Server.stmex.stm.bar.Variable.XSS.nikto.003254
Sambar.Server.stmex.stm.foo.Variable.XSS.nikto.003255
Sambar.Server.template.stm.path.Variable.XSS
Sambar.Server.testcgi.exe.XSS
Sambar.Server.Testisa.dll.Check1.Variable.XSS.Vulnerability
Sambar.Server.update.stm.name.Variable.XSS
Sambar.Server.update.stm.path.Variable.XSS
Sambar.Server.vccheckin.stm.name.Variable.XSS
Sambar.Server.vccheckin.stm.path.Variable.XSS
Sambar.Server.vccreate.stm.name.Variable.XSS
Sambar.Server.vccreate.stm.path.Variable.XSS
Sambar.Server.vchist.stm.name.Variable.XSS
Sambar.Server.vchist.stm.path.Variable.XSS
Sambar.Server.Whodata.Sitename.Variable.XSS.Vulnerability
SAP.CFolders.XSS
SAP.Crystal.Reports.Server.logonAction.Parameter.XSS
SAP.Crystal.Reports.viewreport.asp.XSS
SAP.Internet.Transaction.Server.Multiple.XSS
SAP.Internet.Transaction.Server.wgate.dll.XSS
SAP.Internet.Transaction.Server.XSS
SAP.Web.Application.Server.Webgui.XSS
SelectaPix.XSS
Semantic.Enterprise.Wiki.XSS.vulnerability
Seo.Panel.XSS.Vulnerability
Serendipity.comment.php.XSS
Serendipity.XSS.Vulnerability
sgdynamo.exe.XSS.Vuln
SHOUTcast.Server.logfiles.XSS
SilverStripe.Forums.Module.Search.Parameter.XSS
SimpleGroupware.export.Parameter.XSS.Vuln
SIP.Header.Remote.XSS
SIP.Header.XSS
Sitecore.CMS.sc_error.Parameter.XSS.Vulnerability
Siteframe.search.php.searchfor.Variable.XSS.Vulnerability
Siteman.Page.Parameter.XSS
SixCMS.List.PHP.XSS
Snitz.Forums.2000.members.asp.SQL.Injection.and.XSS.Vuln
Snitz.Forums.Search.ASP.XSS
SNMP.XSS.Attempt
Sockso.Registration.Persistent.XSS.Vuln
SolarWinds.Orion.IPAM.Reflected.XSS
Sophos.Web.Protection.Appliance.XSS
Sphinx.Mobile.Web.Server.XSS.Vulnerability
Splunk.4.x.Prior.4.1.3.404.Response.XSS
Splunk.Prior.to.5.0.8.Unspecified.XSS.Vuln.SP-CAAAKQX
Splunk.Reflected.XSS.Vulnerability.SP-CAAAHXG
SQLiteManager.dbsel.And.nsextt.Parameters.Multiple.XSS.Vuln
SQLiteManager.Main.PHP.XSS
SQLiteManager.main.php.XSS.Vulnerability
SquirrelMail.addressbook.php.multiple.variable.XSS
SquirrelMail.help.php.chapter.variable.XSS
SquirrelMail.options.php.optpage.variable.XSS
SquirrelMail.read.body.php.XSS
SquirrelMail.search.php.multiple.variable.XSS
Stalker.CommuniGate.Pro.WebMail.URI.Parsing.XSS
Sun.AnswerBook2.Documentation.Search.Function.XSS
Sun.Application.Server.Error.Message.XSS
Sun.Cobalt.RaQ.message.cgi.info.variable.XSS
Sun.iPlanet.Admin.Server.XSS
Sun.iPlanet.WebServer.Admin.Server.XSS
Sun.Java.Calendar.Server.Command.Shtml.Multiple.XSS.Vuln
Sun.Java.Calendar.Server.Command.Shtml.XSS
Sun.Java.Communications.Express.UWCMain.XSS
Sun.Java.System.Identity.Manager.activeControl.XSS
Sun.Java.System.Portal.Server.Multiple.XSS.Vuln
Sun.Java.Web.Console.help.JSP.Scripts.Multiple.XSS
Sun.Solaris.Tomcat.Directory.Traversal.and.XSS.251986
SurgeLDAP.User.CGI.XSS
SurgeMail.surgeweb.XSS
Symantec.Endpoint.Protection.Mgr.XSS.and.CSRF.Vulnerability
Symantec.IM.Manager.Multiple.XSS
Symantec.SecurityExpressions.Audit.and.Compliance.Server.XSS
Symantec.Web.Gateway.Blacklist.PHP.XSS
Symantec.Web.Gateway.Multiple.PHP.Pages.XSS
Symantec.Web.Gateway.XSS
Sympoll.index.php.vo.Variable.XSS.Vulnerability
Syneto.Unified.Threat.Management.Index.php.XSS
TclHttpd.debug.module.dbg.XSS
TclHttpd.debug.module.echo.XSS
TclHttpd.debug.module.errorInfo.XSS
TclHttpd.debug.module.showproc.XSS
TechSmith.Camtasia.swf.cspreloader.XSS
Teekais.Tracking.Online.XSS
Telnet.Login.Remote.XSS
Telnet.Login.XSS
TemaTres.SQL.Injection.and.XSS.Vulnerabilities
TestLink.login.php.req.Parameter.XSS
TheWebForum.twf.Register.PHP.XSS
Tiki.Wiki.CMS.Groupware.snarf_ajax.php.XSS.Vulnerability
TikiWiki.Multiple.XSS
TikiWiki.tiki-error.php.XSS
Tiny.Web.Gallery.Index.PHP.XSS
TinyPHPForum.Action.PHP.XSS
TippingPoint.Web.Interface.Reverse.DNS.Lookup.XSS
TMax.Jeus.url.jsp.XSS
Tomcat.Calendar.App.cal2.jsp.time.Parameter.XSS
Tomcat.Documentation.Sample.Multiple.XSS.Vulnerabilities
Tomcat.JSP.Examples.Web.Application.Multiple.XSS
Tomcat.Manager.Host.Manager.Upload.Script.XSS
Topic.Calendar.calendar_scheduler.XSS
Trend.Micro.InterScan.Messaging.Security.Suite.XSS
TrendMicro.InterScan.Messaging.Security.Suite.XSS
TWiki.Multiple.XSS.Vulnerabilities
TWiki.newtopic.Parameter.XSS.Vulnerability.
TWiki.organization.XSS.Vulnerability
Twitter.Feed.for.WordPress.Plugin.XSS.Vulnerability
Typo3.BodyTag.URI.XSS
UBBCentral.UBB.threads.XSS.Vulns
Ultimate.HelpDesk.Index.ASP.XSS
Ultraseek.Multiple.Buffer.Overflows.and.XSS
Unobtrusive.Ajax.Star.Rating.Bar.rpc.php.q.Variable.XSS
URI.Request.XSS
UseModWiki.Wiki.PL.XSS
Vbulletin.2.2.9.memberlist.php.XSS
vBulletin.3.0.7.XSS
vBulletin.3.0.9.XSS
vBulletin.before.3.0.9.XSS
VCard.Pro.Create.PHP.XSS
ViewCVS.CGI.viewcvs.cgi.url.Parameter.XSS
ViewCVS.CGI.viewcvs.cgi/viewcvs/.cvsroot.Parameter.XSS
ViewCVS.XSS.Vuln
ViewVC.viewvc.cgi.Search.Parameter.XSS.Vulnerability
Vignette.Server.Var.Parameter.XSS.vulnerability
VP-ASP.Shopping.Cart.shopadmin.asp.UserName.Variable.XSS
W3C.Jigsaw.Server.Error.Page.XSS
WackoWiki.XSS.Vuln
WBBlog.Parameter.Remote.XSS
Web.Authoring.Tools.Flash.Files.XSS
Web.Server.XSS
Web.Server.Zeus.XSS
Web.Wiz.Forums.forum_members.asp.XSS.Vulnerability
Web.Wiz.Forums.Members.Asp.XSS.Vulnerability
Web.Wiz.Forums.Multiple.pm_buddy_list.asp.XSS
Web.Wiz.Forums.XSS.Vulnerability
WebCalendar.colors.php.color.XSS
Webcalendar.week.php.url.Parameter.XSS
WebCalendar.week.php.user.XSS
WebChat.XSS.Vuln
Webmi.Cgi.Page.Parsing.XSS
Webmin.Search.Parameter.XSS
web_app:Inktomi.Traffic.Server.XSS
web_app:URI.Request.XSS
web_client:Mozilla.Browsers.CSS.moz-binding.XSS
web_server:HTTP.URI.Script.XSS
WordPress.All-in-One.Event.Calendar.Plugin.XSS.Vulnerabilities
WordPress.cformsII.Plugin.rs.and.rsargs.XSS
Wordpress.Count.per.Day.Plugin.Multiple.XSS.Vulns
WordPress.Count.Per.Day.Plugin.XSS
Wordpress.Default.Theme.Admin.XSS
WordPress.mb.miniAudioPlayer.Plugin.XSS.Vulnerabilities
WordPress.Occasions.Plugin.XSS
Wordpress.PHP.Application.XSS
WordPress.Platinum.SEO.Pack.Plugin.s.Parameter.XSS.Vuln
WordPress.post.php.XSS
WordPress.Prior.to.3.5.2.Multiple.XSS.Vulnerabilities
WordPress.RSS.Feed.Generator.self_link.HTTP_HOST.XSS
WordPress.Simply.Poll.Plugin.XSS
WordPress.TinyMCE.Color.Picker.Plugin.XSS.and.Bypass.Vuln
WordPress.Traffic.Analyzer.Plugin.aoid.Parameter.XSS.Vuln
WordPress.WP-Cumulus.Plugin.tagcloud.swf.XSS
WordPress.WP.Banners.Lite.Plugin.XSS
WordPress.WP.E.Commerce.Plugin.cart.message.XSS
WordPress.Wptitle.XSS
WordPress.XSS.HTML.Injection.SQL.Injection
WordPress.XSS.SQL.Injection
WordPress.XSS.Vulnerability
WowBB.XSS.SQL.Injection
Wrensoft.Zoom.Search.Engin.search.php.zoom_query.Variable.XSS
XAMPP.for.Windows.Multiple.XSS.and.SQL.Injection
Xitami.XSS.Vulnerability
XMB.XSS
XOOPS.Dictionary.Module.XSS
Xoops.glossaire-aff.php.XSS
XOOPS.misc.php.Query.String.XSS
Xoops.myheader.php.URL.XSS
Xoops.Viewtopic.php.XSS
XSS.Vulnerabilities.In.Common.Shockwave.Flash.Files
YaBB.index.php.Password.Field.XSS.Vulnerability
YaBB.pl.XSS.And.Administrative.Commands
YACY.Peer-To-Peer.Search.Engine.XSS
Yoast.Google.Analytics.For.WordPress.Plugin.XSS
Zeroboard.XSS
Zeus.4.2r2.vs_diag.cgi.server.variable.XSS.vulnerability
Zeus.Admin.Server.index.fcgi.section.Parameter.XSS
ZOHO.ManageEngine.ADSelfService.Plus.SearchString.XSS

INTRUSHIELD

HTTP:AdobeFlashPlayerAdobeFlashPlayerXSSExceptionsVulnerability(CVE-2014-0531)
HTTP:AdobeFlashPlayerAdobeFlashPlayerXSSMarshallingDataVulnerability(CVE-2014-0533)
HTTP:AdobeFlashPlayerXSSVulnerability
HTTP:AdobeFlashPlayerXSSvulnerability(CVE-2014-0509)
HTTP:AdobeFlashPlayerXSSVulnerability(CVE-2014-0503)
HTTP:AdobeReaderFDFAfterBeforeXSSVulnerability
HTTP:AdvantechWebAccessHMIandSCADASoftwareXSS
HTTP:ApacheSSIXSSExploit
HTTP:ApacheWicketXSSVulnerability
HTTP:CrossSiteScripting-AdobeReaderFirefoxXSSVulnerability
HTTP:CrossSiteScripting-ApacheSSIXSSExploit
HTTP:CrossSiteScripting-ApacheTomcatServletMappingXSSScripting
HTTP:CrossSiteScripting-MicrosoftForefrontUAGMobilePortalXSSVulnerability
HTTP:CrossSiteScripting-MicrosoftForefrontUAGSignurlXSSVulnerability
HTTP:CrossSiteScripting-MicrosoftForefrontUAGXSSVulnerability
HTTP:CrossSiteScripting-MicrosoftFrontPageServerExtensionsXSSScriptingVulnerability
HTTP:CrossSiteScripting-WordPressRSSFeedGeneratorself_linkHTTP_HOSTXSSScripting
HTTP:HTTPSCCMXSSJavascriptInjection
HTTP:InternetExplorerNavigationCancelPageXSS
HTTP:InterWovenWorkDocsXSSVulnerability
HTTP:MicrosoftAntiXSSLibraryBypassVulnerability
HTTP:MicrosoftDefaultReflectedXSSVulnerability
HTTP:MicrosoftExcelTableReflectedXSSVulnerability
HTTP:MicrosoftExcelTableResponseSplittingXSSVulnerability
HTTP:MicrosoftExchangeOWAXSSandSpoofingVulnerability
HTTP:MicrosoftIEXSSFilterInformationDisclosureVulnerability
HTTP:MicrosoftIISForm_JScript.aspXSS
HTTP:MicrosoftInternetExplorerPrintTableofLinksLocalZoneXSSVulnerability
HTTP:MicrosoftInternetExplorerShift_JISEncodingXSSVulnerability
HTTP:MicrosoftLyncServerXSSVulnerability(CVE-2014-1823)
HTTP:MicrosoftReportViewerControlXSSVulnerability
HTTP:MicrosoftSharepointContactDetailsXSSElevationofPrivilegeVulnerability
HTTP:MicrosoftSharepointXSSElevationofPrivilegeVulnerability
HTTP:MicrosoftSharepointXSSElevationofPrivilegeVulnerabilityII
HTTP:MicrosoftSharePointXSSininplview.aspxVulnerability
HTTP:MicrosoftSharePointXSSinScriptresx.ashxVulnerability
HTTP:MicrosoftSharePointXSSinthemeweb.aspxVulnerability
HTTP:MicrosoftSharePointXSSinwizardlist.aspxVulnerability
HTTP:MicrosoftSQLServerReflectedXSSPrivilegeEscalation
HTTP:MicrosoftWindowsRemoteDesktopWebAccessXSSVulnerability
HTTP:OperahistorysearchXSS
HTTP:POSTXSSVulnerability
HTTP:VisualStudioXSSVulnerabilityPrivilegeElevation
HTTP:XSSVulnerabilityInSharePoint(CVE-2014-1754)
SIP:SIPheaderXSSInjectionVulnerabilty
SMTP:IBMLotusNotesXSSVulnerability
TELNET:XSSAttemptviaTelnetUserNameDetected
HTTP:ApacheSSIXSSExploit(0x40217300)
HTTP:IISIndexServerCross-siteScripting(0x4022d700)
HTTP:InformationDisclosureinASP.NET2.0
HTTP:MicrosoftFrontPageServerExtensionsCrossSiteScriptingVulnerability(0x4022b500)
MTIS07-174-AMSSharePointXSS
SMTP:MS06-029OutlookWebAccessCross-SiteScripting(0x4040ab00)
SMTP:MicrosoftOutlookWebAccessCrossSiteScripting

NETSCREEN

APP:ACPROXY-XSS-INJECT
APP:CISCO:VIDEO-SURVEILANCE-XSS
APP:HP-LASERJET-EWS-XSS
APP:HPOV:NNM-XSS
APP:IBM:LOTUS-NOTES-XSS
APP:IBM:TIV-SCHEDULEPARAM-XSS
APP:MCAFEE-EPOLICY-XSS
APP:ORACLE:ISQL-XSS
APP:ORACLE:RAPID-WEBSRV-XSS
APP:PROXY:ACPROXY-XSS-INJECT
APP:SAP:WEBAPP-SERV-XSS
APP:SYMC:MGM-CONSOLE-XSS
APP:TMIC:INTERSCAN-XSS
APP:TRENDMICRO-ISMSS-XSS
CHAT:YIM:XSS
CHAT:YIM:YHOO-XSS
HTTP:XSS:HTML-SCRIPT-IN-URL-PRM
HTTP:APACHE:TOMCAT-CAL2JSP-XSS
HTTP:CGI:OMNIHTTPD-REDIR-XSS
HTTP:CHKP:VPN1-UTM-XSS
HTTP:CISCO:CSUSERCGIXSS
HTTP:CISCO:LINKSYS-WRT54GL-XSS
HTTP:CISCO:UNIFIED-XSS
HTTP:CISCO:UNIFIED-XSS-2
HTTP:COBALT:SERVICE-CGI-XSS
HTTP:COLDFUSION:MX7-XSS
HTTP:FRONTPAGE:FP-XSS
HTTP:IIS:ASP-XSS-FLAW
HTTP:IIS:MS-RD-WEB-ACCESS-XSS
HTTP:IIS:MS-REPORT-VIEWER-XSS
HTTP:IIS:SHAREPOINT-2010-XSS
HTTP:IIS:SHAREPOINT-MUL-XSS
HTTP:IIS:SHAREPOINT-XSS
HTTP:IIS:SP-SCRIPTRESX-XSS
HTTP:IIS:XSS-IIS-ASP
HTTP:MCAFEE-EPOLICY-XSS
HTTP:ORACLE:GLASSFISH-MUL-XSS
HTTP:OWA:OWA-CSS
HTTP:PHP:OPEN-REALITY-XSS-SQLI
HTTP:PHP:PHPNUKE:BOOKMARKS-XSS
HTTP:PHP:STRIP-TAGS-XSS
HTTP:PKG:IPLANET-XSS-ROOT
HTTP:SQL:INJ:ORA-REPT-XSS
HTTP:SQL:INJECTION:ORA-REPT-XSS
HTTP:STC:ADOBE:ACROBAT-XSS
HTTP:STC:ADOBE:FLASH-PLAYER-XSS
HTTP:STC:ADOBE:PDF-GOTO-XSS
HTTP:STC:ADOBE:PDF-XML-XSS
HTTP:STC:ADOBE:SWF-FILE-XSS
HTTP:STC:ADOBE:SWF-UNVRSL-XSS
HTTP:STC:HTML-HTW-XSS
HTTP:STC:IE:8-XSS-FILTER
HTTP:STC:IE:ANTIXSS-INFO-DISC
HTTP:STC:IE:BACKTOJPU-XSS
HTTP:STC:IE:CSS-XSS
HTTP:STC:IE:DHTML-EDIT-XSS
HTTP:STC:IE:EUC-JP-XSS
HTTP:STC:IE:HTML-XSS
HTTP:STC:IE:OWA-XSS
HTTP:STC:IE:TOSTATIC-XSS
HTTP:STC:IE:UNIV-XSS
HTTP:STC:IE:XSS-FILTER-DISC
HTTP:STC:MCAFEE:EPOLICY-XSS
HTTP:STC:MOZILLA:RSS-SCRIPT-INJ
HTTP:STC:OPERA:LINKS-PANEL-XSS
HTTP:STC:SAFARI:WEBKIT-XSS
HTTP:STC:SHAREPOINT-XSS
HTTP:TOMCAT:SC-XSS
HTTP:WEBLOGIC:BEA-ADMIN-CON-XSS
HTTP:XSS:ADOBE-COLDF-SEARCHLOG
HTTP:XSS:ADOBE-COLDFUSION
HTTP:XSS:AFTERLOGIC-WEBMAIL-PRO
HTTP:XSS:ANWIKI-XSS
HTTP:XSS:APACHE-MOD-NEGOTIATION
HTTP:XSS:APACHE-SSI-XSS
HTTP:XSS:ASP-REQ-VALIDATION
HTTP:XSS:ATUTOR-ACONTENT
HTTP:XSS:AWAUCTIONSCRIPT-CMS
HTTP:XSS:AWSTATS-EXEC
HTTP:XSS:AXIS-M10-CAMERA
HTTP:XSS:BEA-ADMIN-CONSOLE
HTTP:XSS:CA-SITEMINDER-OLUNICDE
HTTP:XSS:CISCO-CSDC
HTTP:XSS:CISCO-CSUSERCGIXSS
HTTP:XSS:CISCO-IOS-ADMIN
HTTP:XSS:CISCO-SESM
HTTP:XSS:CISCO-XSS
HTTP:XSS:CISCOWORKS-CSFHS
HTTP:XSS:CISCOWORKS-CSFHS-1
HTTP:XSS:CMSQLITE-ID
HTTP:XSS:COLDFUSION-MX7
HTTP:XSS:CPANEL-FILEOP
HTTP:XSS:CPANEL-MODULES
HTTP:XSS:CSS-HEAP
HTTP:XSS:DRUPAL-CUMULAS
HTTP:XSS:DYNAMICAX-PORTAL-XSS
HTTP:XSS:E2-PHOTO-GALLERY
HTTP:XSS:FOREFRONT-SIGNURL
HTTP:XSS:FRONTPAGE-EXT
HTTP:XSS:HDR-REFERRER
HTTP:XSS:HP-INSIGHT-ONLINE
HTTP:XSS:HP-INTELLIGENT-MNGT
HTTP:XSS:HP-SEARCH-XSS
HTTP:XSS:HTML-HTW
HTTP:XSS:HTML-SCRIPT-IN-AE
HTTP:XSS:HTML-SCRIPT-IN-AL
HTTP:XSS:HTML-SCRIPT-IN-COOKIE
HTTP:XSS:HTML-SCRIPT-IN-HOST
HTTP:XSS:HTML-SCRIPT-IN-POST
HTTP:XSS:HTML-SCRIPT-IN-UA
HTTP:XSS:HTML-SCRIPT-IN-URL-PRM
HTTP:XSS:HTML-SCRIPT-IN-URL-PTH
HTTP:XSS:HTML-SCRIPT-IN-URL-VAR
HTTP:XSS:HTW-XSS
HTTP:XSS:IBM-LOTUS-DOMINO-XNSF
HTTP:XSS:IBM-LOTUS-NOTES-TRAV
HTTP:XSS:IBM-LOTUS-SIMPLESEARCH
HTTP:XSS:IBM-OPEN-ADMIN
HTTP:XSS:IBM-RATIONAL-CLEARCASE
HTTP:XSS:IE-BACKTOJPU
HTTP:XSS:IE-DHTML-EDIT
HTTP:XSS:IE7-XSS
HTTP:XSS:IIS-ASP
HTTP:XSS:INMAGIC-DBTWPUB
HTTP:XSS:IPLANET-ROOT
HTTP:XSS:ISA-AUTH-XSS
HTTP:XSS:JAVA-COM-EXP
HTTP:XSS:JAVA-IDENTITY-MGR
HTTP:XSS:JOOMLA-CITY
HTTP:XSS:JOOMLA-COM-RESMAN
HTTP:XSS:LDAP-ACCOUNT-MGR
HTTP:XSS:LINKSYS-WIRELESS
HTTP:XSS:MAILMAN-ADMIN
HTTP:XSS:MAILMAN-OPTIONS
HTTP:XSS:MC-CONTENT-MANAGER
HTTP:XSS:MERCURY-BOARD
HTTP:XSS:MS-CS
HTTP:XSS:MS-FOREFRONT-DEFAULT
HTTP:XSS:MS-FOREFRONT-EXCEL-TBL
HTTP:XSS:MS-FOREFRONT-INFO-DISC
HTTP:XSS:MS-IE-TOSTATICHTML
HTTP:XSS:MS-LYNC-SERVER
HTTP:XSS:MS-OUTLOOK-REDIR-ASP
HTTP:XSS:MS-REPORT-MANAGER
HTTP:XSS:MS-REPORT-VIEWER
HTTP:XSS:MS-SCCM-REFLECTED
HTTP:XSS:MS-SCOM-WEB-CONSOLE
HTTP:XSS:MS-SHAREPOINT-PARAM
HTTP:XSS:MS-VSTWAC-TFS
HTTP:XSS:MS-W3WHO-XSS
HTTP:XSS:MUL-RECORDPRESS
HTTP:XSS:NAGIOS-XI-ALERT-CLOUD
HTTP:XSS:NASA-TRACE
HTTP:XSS:NOVELL-QUICKFINDER
HTTP:XSS:OMNIHTTPD-REDIR
HTTP:XSS:ORACLE-BIEE-XSS
HTTP:XSS:ORACLE-GLASSFISH
HTTP:XSS:ORACLE-RAPID-WEBSRV
HTTP:XSS:ORACLE-REPORT-SVR
HTTP:XSS:OUTLOOK-WEB
HTTP:XSS:OUTLOOK-WEB-ACCESS
HTTP:XSS:PACER-EDITION-EMAIL
HTTP:XSS:PHPNUKE-BOOKMARKS
HTTP:XSS:PHPWEBSITE-PAGE-ID
HTTP:XSS:REALPLAYER-SMIL
HTTP:XSS:ROBOHELP-XSS
HTTP:XSS:SERVICE-CGI
HTTP:XSS:SHARE-XSS
HTTP:XSS:SHAREPOINT-CALLBACK
HTTP:XSS:SHAREPOINT-COMMAND
HTTP:XSS:SHAREPOINT-EDITFORM
HTTP:XSS:SHAREPOINT-INPLVIEW
HTTP:XSS:SHAREPOINT-LIST-XSS
HTTP:XSS:SHAREPOINT-THEMEWEB
HTTP:XSS:SHAREPOINT-USER
HTTP:XSS:SHAREPOINT-WIZARDLIST
HTTP:XSS:SHAREPOINT-XSS
HTTP:XSS:SHAREPOINT-XSS-2
HTTP:XSS:SUBRION-CMS
HTTP:XSS:SUSPICIOUS-SCAN
HTTP:XSS:SYM-GATEWAY-PHP-PAGE
HTTP:XSS:SYM-IM-MANAGER
HTTP:XSS:SYMANTEC-WG
HTTP:XSS:SYNDEO-CMS-ADDONS
HTTP:XSS:TECHSMITH-SWF
HTTP:XSS:TM-REQUEST-FORGERY
HTTP:XSS:TOMCAT-JSP
HTTP:XSS:URL-IMG-XSS
HTTP:XSS:US-ROBOTICS-FIRMWARE
HTTP:XSS:VBULLETIN-SORT
HTTP:XSS:VBULLETIN-SORTORDER
HTTP:XSS:WEB-VIEW-DOC-SCR-INJ
HTTP:XSS:WEBPAGE-URL
HTTP:XSS:WHITE-LABEL-CMS
HTTP:XSS:WP-AJAX-CALENDAR
HTTP:XSS:WP-AJAX-CATEGORY
HTTP:XSS:WP-AJAX-RECENT-POSTS
HTTP:XSS:WP-COMICPRESS
HTTP:XSS:WP-DAILY-MAUI-PHOTO
HTTP:XSS:WP-ESHOP
HTTP:XSS:WP-GAZETTE-THEME
HTTP:XSS:WP-IGIT-POSTS
HTTP:XSS:WP-INLINE-GALLERY
HTTP:XSS:WP-LAZYEST-GALLERY
HTTP:XSS:WP-LIVE-WIRE-THEME
HTTP:XSS:WP-LOCAL-MARKET-EXP
HTTP:XSS:WP-PHOTO-ALBUM
HTTP:XSS:WP-PHOTORACER
HTTP:XSS:WP-PHOTOSMASH-GAL
HTTP:XSS:WP-PLACESTER
HTTP:XSS:WP-RATING-WIDGET
HTTP:XSS:WP-SERMON-BROWSER
HTTP:XSS:WP-SOCIALGRID
HTTP:XSS:WP-STATS-DASHBOARD
HTTP:XSS:WP-UNIVERSAL-POST
HTTP:XSS:WP-WOOTHEMES
HTTP:XSS:WP-YT-AUDIO
HTTP:XSS:WP-ZOTPRESS
HTTP:XSS:X-FORWARDED-FOR-INJ
HTTP:XSS:XOOPS-MULT
HTTP:XSS:XOOPS-VIEW-PHOTOS-PHP
HTTP:XSS:YOAST-WP
HTTP:XSS:ZEN-CART
SCAN:DARKD0RK3R-XSS
SCAN:RPVS:XSS-URL
SMTP:HTML-VAL-XSS
SMTP:IBM-LOTUS-NOTES-XSS
SMTP:MAL:SQM-CONTENT-XSS
SMTP:MAL:XSS-URL-IN-EMAIL
SMTP:OUTLOOK:OWA-XSS
SMTP:OVERFLOW:SQRLMAIL-HDR-INJ
SSL:MGM-CONSOLE-XSS

PALO ALTO

Adobe Coldfusion XSS Vulnerabily
Adobe Coldfusion 8 XSS Vulnerabily
Adobe Coldfusion 8 XSS Vulnerabily (32525)
Adobe Coldfusion XSS Vulnerabily
Adobe Coldfusion XSS Vulnerabily (32526)
Adobe Flash Player MovieClipLoader XSS Vulnerability
Adobe Flash Player MovieClipLoader XSS Vulnerability (34378)
Adobe Flash Player XSS Vulnerability
Apache SSI Error Page XSS Vulnerability
Apache SSI Error Page XSS Vulnerability (31910)
Apache Wicket Unspecified XSS Vulnerability
Cisco Unified Operations Manager Common Services Device Center XSS Vulnerability
CiscoWorks Common Services Framework Help Servlet XSS Vulnerability
Generic prompt XSS vulnerability
InterWoven WorkDocs XSS Vulnerability (31064)
Microsoft ASP.Net 1.1 XSS Protection Bypass Vulnerability
Microsoft ASP.Net 1.1 XSS Protection Bypass Vulnerability (31943)
Microsoft Dynamics AX Enterprise Portal XSS Vulnerability
Microsoft Dynamics AX Enterprise Portal XSS Vulnerability (34825)
Microsoft Exchange OWA XSS and Spoofing Vulnerability
Microsoft Exchange OWA XSS and Spoofing Vulnerability (31176)
Microsoft Forefront Unified Access Gateway Default Reflected XSS Vulnerability
Microsoft Forefront Unified Access Gateway Default Reflected XSS Vulnerability (34479)
Microsoft Forefront Unified Access Gateway Excel Table Response Splitting XSS Vulnerability
Microsoft Forefront Unified Access Gateway Excel Table Response Splitting XSS Vulnerability (34482)
Microsoft IIS 5.0 Form_JScript.asp XSS Vulnerability
Microsoft IIS 5.0 Form_JScript.asp XSS Vulnerability (32775)
Microsoft Internet Explorer Navigation Cancel Page XSS Vulnerability
Microsoft Internet Explorer Navigation Cancel Page XSS Vulnerability (33464)
Microsoft Internet Explorer Print Table XSS Vulneraiblity
Microsoft Internet Explorer Print Table XSS Vulneraiblity (34302)
Microsoft SharePoint inplview.aspx XSS Vulnerability
Microsoft SharePoint inplview.aspx XSS Vulnerability (34620)
Microsoft SharePoint themeweb.aspx XSS Vulnerability
Microsoft SharePoint themeweb.aspx XSS Vulnerability (34621)
Microsoft SharePoint wizardlist.aspx XSS Vulnerability
Microsoft SharePoint wizardlist.aspx XSS Vulnerability (34623)
Microsoft SQL Server Reporting Services Reflected XSS Vulnerability
Microsoft SQL Server Reporting Services Reflected XSS Vulnerability (35060)
Microsoft System Center Configuration Manager XSS Vulnerability
Microsoft System Center Configuration Manager XSS Vulnerability (34998)
Microsoft System Center Operations Manager Web Console XSS Vulnerability
Microsoft Unified Access Gateway Mobile Portal Website XSS Vulnerability
Microsoft Unified Access Gateway Mobile Portal Website XSS Vulnerability (33567)
Microsoft Unified Access Gateway Signurl.asp XSS Vulnerability
Microsoft Unified Access Gateway Signurl.asp XSS Vulnerability (33568)
Microsoft Unified Access Gateway XSS Allows Escalation of Privileges Vulnerability
Microsoft Unified Access Gateway XSS Allows Escalation of Privileges Vulnerability (33564)
Microsoft Windows MHTML Mime-Formatted Request XSS Vulnerability
Microsoft Windows MHTML Mime-Formatted Request XSS Vulnerability (34109)
Oracle GlassFish Enterprise Server XSS Vulnerability
SAP Internet Transaction Server wgate.dll ~service Parameter XSS Vulnerability
SAP Internet Transaction Server wgate.dll ~service Parameter XSS Vulnerability
SAP Internet Transaction Server wgate.dll ~service Parameter XSS Vulnerability (31937)
Symantec Messaging Gateway Management Console XSS Vulnerability
Yahoo Web Email XSS Vulnerability
Yahoo Web Email XSS Vulnerability (32534)

SNORT

ATTACK-RESPONSES successful cross site scripting forced download attempt
APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt
APP-DETECT Acunetix web vulnerability scanner XSS attempt
BROWSER-CHROME Google Chrome net-internals uri fragment identifier XSS attempt
BROWSER-IE Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt
BROWSER-IE Microsoft Internet Explorer invalid Shift_JIS character xss attempt
BROWSER-IE Microsoft Internet Explorer toStaticHTML XSS attempt
BROWSER-IE Microsoft Internet Explorer XSRF timing attack against XSS filter
BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt
FILE-OTHER Microsoft Windows MHTML XSS attempt
OS-WINDOWS Microsoft Certification service XSS attempt
OS-WINDOWS Microsoft ForeFront UAG ExcelTable.asp XSS attempt
OS-WINDOWS Microsoft SCCM ReportChart xss attempt
OS-WINDOWS Microsoft Windows MHTML XSS attempt
PROTOCOL-VOIP Call-ID header XSS injection attempt
PROTOCOL-VOIP Contact header XSS injection attempt
PROTOCOL-VOIP From header XSS injection attempt
PROTOCOL-VOIP Subject header XSS injection attempt
PROTOCOL-VOIP To header XSS injection attempt
SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt
SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt
SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt
SERVER-WEBAPP Devellion CubeCart multiple parameter XSS vulnerability
SERVER-WEBAPP Drupal VideoWhisper Webcam plugin XSS attempt
SERVER-WEBAPP HP Insight Diagnostics XSS attempt
SERVER-WEBAPP Jive Software Openfire audit-policy.jsp XSS attempt
SERVER-WEBAPP Jive Software Openfire group-summary.jsp XSS attempt
SERVER-WEBAPP Jive Software Openfire log.jsp XSS attempt
SERVER-WEBAPP Jive Software Openfire logviewer.jsp XSS attempt
SERVER-WEBAPP Jive Software Openfire muc-room-edit-form.jsp XSS attempt
SERVER-WEBAPP Jive Software Openfire server-properties.jsp XSS attempt
SERVER-WEBAPP Jive Software Openfire user-properties.jsp XSS attempt
SERVER-WEBAPP LongTail Video JW Player XSS attempt link param
SERVER-WEBAPP Microsoft ASP.NET improper comment handling XSS attempt
SERVER-WEBAPP Microsoft Office SharePoint Javascript XSS attempt
SERVER-WEBAPP Microsoft Office SharePoint XSS vulnerability attempt
SERVER-WEBAPP Microsoft SharePoint XSS
SERVER-WEBAPP raSMP User-Agent XSS injection attempt
SERVER-WEBAPP WordPress XSS fs-admin.php injection attempt
WEB-CLIENT IBM Tivoli Endpoint Manager Web Reports xss attempt

SOURCEFIRE

ATTACK-RESPONSES successful cross site scripting forced download attempt
WEB-MISC Quicktime User-Agent buffer overflow attempt
WEB-PHP modules.php access
WEB-CGI Emumail emumail.fcgi access
WEB-MISC sresult.exe access
WEB-MISC sambar /search/results.stm access
APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt
BROWSER-IE Microsoft Internet Explorer 8 toStaticHTML XSS attempt
BROWSER-IE Microsoft Internet Explorer XSS mouseevent PII disclosure attempt
EXPLOIT IE8 XSS in toStaticHTML API attempt
EXPLOIT javascript handler in URI XSS attempt
EXPLOIT Microsoft Forefront UAG javascript handler in URI XSS attempt
EXPLOIT Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt
EXPLOIT Microsoft Internet Explorer XSRF timing attack against XSS filter
EXPLOIT Microsoft Sharepoint Javascript XSS attempt
EXPLOIT Microsoft SharePoint XSS
EXPLOIT Microsoft Sharepoint XSS vulnerability attempt
FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt
FILE-FLASH Adobe Shockwave Flash Flex authoring tool XSS exploit attempt
FILE-OFFICE Microsoft Office SharePoint XSS attempt
FILE-OTHER Microsoft MHTML XSS attempt
ORACLE BPEL process manager XSS injection attempt
OS-WINDOWS Microsoft Forefront UAG javascript handler in URI XSS attempt
OS-WINDOWS Microsoft Forefront UAG URL XSS alternate attempt
OS-WINDOWS Microsoft Report Viewer reflect XSS attempt
OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt
OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt
SERVER-ORACLE BPEL process manager XSS injection attempt
SERVER-OTHER IBM Tivoli Endpoint Manager Web Reports xss attempt
SERVER-OTHER Microsoft SharePoint XSS attempt
SERVER-WEBAPP Cisco Common Services Device Center XSS attempt
SERVER-WEBAPP Cisco Common Services Help servlet XSS attempt
SERVER-WEBAPP IBM System Storage DS storage manager profiler XSS attempt
SERVER-WEBAPP JavaScript tag in User-Agent field possible XSS attempt
SERVER-WEBAPP Microsoft Office SharePoint query.iqy XSS attempt
SERVER-WEBAPP Microsoft Office SharePoint scriptresx.ashx XSS attempt
SERVER-WEBAPP Microsoft Office SharePoint themeweb.aspx XSS attempt
SERVER-WEBAPP Microsoft Office SharePoint XSS attempt
SERVER-WEBAPP Microsoft SharePoint chart webpart XSS attempt
SERVER-WEBAPP Microsoft Sharepoint ThemeOverride XSS Attempt
SPECIFIC-THREATS Microsoft Exchange OWA XSS and spoofing attempt
WEB-CLIENT Adobe Shockwave Flash Flex authoring tool XSS exploit attempt
WEB-CLIENT Forefront UAG URL XSS alternate attempt
WEB-CLIENT Forefront UAG URL XSS attempt
WEB-CLIENT Micrisoft Windows Forefront UAG URL XSS attempt
WEB-CLIENT Microsoft Certification service XSS attempt
WEB-CLIENT Microsoft Forefront UAG URL XSS alternate attempt
WEB-CLIENT Microsoft IE XSS mouseevent PII disclosure attempt
WEB-CLIENT Microsoft Internet Explorer 8 toStaticHTML XSS attempt
WEB-CLIENT Microsoft Internet Explorer XSS mouseevent PII disclosure attempt
WEB-CLIENT Microsoft MHTML XSS attempt
WEB-CLIENT Microsoft Report Viewer reflect XSS attempt
WEB-CLIENT Microsoft Windows Forefront UAG URL XSS attempt
WEB-CLIENT Microsoft Windows Help Centre escape sequence XSS attempt
WEB-CLIENT Palo Alto Networks Firewall editUser.esp XSS attempt
WEB-MISC Cisco Common Services Device Center XSS attempt
WEB-MISC Cisco Common Services Help servlet XSS attempt
WEB-MISC Microsoft ForeFront UAG ExcelTable.asp XSS attempt
WEB-MISC Microsoft SharePoint chart webpart XSS attempt
WEB-MISC Microsoft Sharepoint themeweb.aspx XSS attempt
WEB-MISC Microsoft Sharepoint XSS attempt
WEB-MISC Microsoft Windows Sharepoint XSS attempt

TIPPINGPOINT

HTTP: Microsoft SharePoint calendar.aspx XSS Vulnerability
HTTP: Microsoft SharePoint NewForm.aspx XSS Vulnerability
HTTP: Microsoft SharePoint Picker.aspx XSS Vulnerability
HTTP: Microsoft SharePoint Query XSS Vulnerability
HTTP: Microsoft Dynamics Ax XSS Vulnerability
HTTP: Microsoft SharePoint XSS Vulnerability
HTTP: Microsoft Visual Studio Team Web Access XSS Vulnerability
HTTP: Kerio MailServer WebMail Cross-Site Scripting
HTTP: Kerio MailServer WebMail Cross-Site Scripting
HTTP: Adobe Acrobat XSS Vulnerability
SMTP: Adobe Acrobat XSS Vulnerability
HTTP: Apache Host Header XSS Vulnerability
HTTP: PHP File Include Exploit via XSS
HTTP: cPanel Multiple Module Cross Site Scripting
HTTP: Microsoft SharePoint Cross Site Scripting Vulnerability
SMTP: XSS Vulnerability in Cascading Style Sheets
SMTP: XSS Vulnerability in From: Header
HTTP: Mozilla IFrame XSS
HTTP: Microsoft Sharepoint Help.aspx XSS Vulnerability
HTTP: Oracle Secure Enterprise Search Cross Site Scripting

TREND MICRO

Apple Safari Webarchive File Format UXSS Vulnerability
Flash Authoring Flex SWF Files XSS
Generic Cross Site Scripting (XSS) Prevention
IBM Tivoli Endpoint Manager Web Reports XSS Vulnerability
Internet Explorer XSS Filter Bypass Vulnerability
MailEnable Enterprise Multiple XSS Injection Vulnerabilities
Mozilla Firefox "HTML escaped low surrogates" XSS Attack
Multiple XSS Vulnerabilities In Sun Communications Express

REFERENCES

IBM X-Force Quarterly Reports (2Q 2014): https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-ASEAN_WEB-ORG_Cross&S_PKG=ov24066&S_TACT=102PW99W
IBM Hosted Application Security Management (HASM): A cloud-based solution for dynamic testing of web applications using IBM Security AppScan in both preproduction and production environments. HASM services include a dedicated security analyst to configure and manage the testing.
WhiteHat Security: https://www.whitehatsec.com/
XSS: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
I'll never get caught. I'm Popular., 10/04/05, - samy: http://namb.la/popular/
XSS: http://www.acunetix.com/websitesecurity/xss/
Origin of XSS: http://jeremiahgrossman.blogspot.com/2006/07/origins-of-cross-site-scripting-xss.html
MySpace worm: http://www.techspot.com/news/24226-myspace-speaks-about-samy-kamkars-sentencing.html

CONTRIBUTORS

Michelle Alvarez - Researcher/Editor, Threat Research Group
Nick Bradley - Practice Lead, Threat Research Group
David McMillen, Senior Threat Researcher
Leslie Horacek - X-Force Threat Response Manager

DISCLAIMER

This document is intended to inform clients of IBM Security Services of a threat or discovery by IBM Managed Security Services and measures undertaken or suggested by IBM Security Service Teams to remediate the threat. The data contained herein describing tactics, techniques and procedures is classified Confidential for the benefit of IBM MSS clients only. This information is provided "AS IS," and without warranty of any kind.
