Tenable Network Security

Plugins: CGI abuses : XSS

CGI Generic HTML Injections (quick test)
FuseTalk usersearchresults.cfm keyword Parameter XSS
FuseTalk categories.aspx FTVAR_SORTORDER Parameter XSS
Oracle BPM Process Administrator tips.jsp context Parameter XSS
MediaWiki profileinfo.php 'filter' Parameter XSS
VMware vCenter Update Manager XSS
Nessus Web Server XSS
CGI Generic Cross-Site Scripting Vulnerability (extended test)
Pligg Search Cross-Site Scripting
FireStats window-add-excluded-ip.php 'edit' parameter XSS
Tomcat 4.1 XSS
Apache Tomcat JSP2 Examples XSS
Wing FTP Server < 3.5.1 XSS
Apache Tomcat Implicit Objects XSS
Splunk 4.x < 4.1.3 404 Response XSS
Microsoft SharePoint Services Help.aspx 'cid0' Parameter XSS
TaskFreak! logout.php tznMessage Parameter XSS
PRTG Traffic Grapher url Parameter Cross-Site Scripting
MoinMoin PageEditor.py template Parameter XSS
ManageEngine ADAudit Plus 'reportList' Parameter XSS
ManageEngine ADManager Plus 'computerName' Parameter XSS
Adobe ColdFusion 'cfadminUserId' XSS (APSB10-11)
Resin resin-admin/digest.php XSS
Ektron CMS400.NET 'workarea/reterror.aspx' info Parameter XSS
CGI Generic Cross Site Scripting (HTTP Headers)
MODx SearchHighlight plugin XSS
Atlassian JIRA 500page.jsp Referer XSS
VMware ESX WebAccess Context Data XSS (VMSA-2010-0005)
ViewVC Regex Search Cross-Site Scripting
DotNetNuke SearchResults.aspx < 5.3.0 XSS
IBM Multiple Products login.php Query String XSS
SAP BusinessObjects viewError.jsp 'error' Parameter XSS
SilverStripe Forums Module 'Search' Parameter XSS
Mort Bay Jetty Multiple XSS
daloRADIUS login.php error Parameter XSS
ClarkConnect proxy.php url Parameter XSS
TestLink login.php req Parameter XSS
e107 submitnews.php Cross-Site Scripting
DotNetNuke SearchResults.aspx < 5.2.0 XSS
GForge help/tracker.php helpname Parameter XSS
Jetty CookieDump.java Sample Application Persistent XSS
Axon Virtual PBX /logon Multiple Parameter XSS
XOOPS misc.php Query String Cross-Site Scripting
CGI Generic Persistent Cross-Site Scripting Vulnerability
PeopleSoft PeopleTools JMS Listening Connector Activity Parameter XSS
ViewVC Invalid Parameter HTML Injection Vulnerability
BuildBot WebStatus waterfall 'branch' Parameter XSS
Adobe ColdFusion <= 8.0.1 Multiple XSS
BASE < 1.4.4 'dir' Parameter Cross-Site Scripting
IBM Rational RequisitePro ReqWebHelp Multiple XSS
Symantec SecurityExpressions Audit and Compliance Server Multiple XSS
Lyris ListManager Multiple XSS
Ektron CMS400.NET id Parameter XSS
Orion Application Server Web Examples Multiple XSS
3CX Phone System login.php Multiple Parameter XSS
Oracle Database Secure Enterprise Search search/query/search search_p_groups Parameter XSS
TinyBrowser Multiple Flaws
CommuniGate Pro WebMail < 5.2.15 XSS
IBM Rational ClearQuest Multiple XSS Flaws
Sun Java Web Console 'helpwindow.jsp' Multiple Cross-Site Scripting Vulnerabilities
Movable Type mt-wizard.cgi set_static_uri_to Parameter XSS
CGI Generic Cross-Site Scripting Vulnerability (quick test)
Kerio MailServer < 6.6.2 Patch 3 / 6.7.0 Patch 1 XSS (KSEC-2009-06-08-01)
Joomla! JA_Purity Template Multiple Cross-Site Scripting Vulnerabilities
DotNetNuke ErrorPage.aspx Cross-Site Scripting
Novell GroupWise WebAccess 'User.lang' Cross-Site Scripting
Sun Java System Calendar Server login.wcap Fmt-out Parameter XSS
AXIGEN Webmail < 7.1.0 HTML Body Script Insertion
SquirrelMail contrib/decrypt_headers.php XSS
Project Woodstock 404 Error Page UTF-7 Encoded XSS
Citrix Web Interface 4.6 / 5.0 / 5.0.1 Unspecified XSS
Atmail WebMail < 5.61 webadmin/admin.php Multiple Parameter XSS
Atmail WebMail < 5.6 Email Body Injection
Apache Struts s:a / s:url Tag href Element XSS
BlackBerry Enterprise Server MDS Connection Service XSS
Atlassian JIRA < 3.13.3 DWR 'c0-id' XSS
SAP DB / MaxDB WebDBM Multiple Parameter XSS
Tomcat Sample App cal2.jsp time Parameter XSS (CVE-2009-0781)
Novell GroupWise < 7.03HP2 / 8.0HP1 WebAccess Multiple XSS
ESET Remote Administrator < 3.0.105 Additional Report Settings XSS
Mono ASP.NET action Attribute XSS
Apache Jackrabbit q Parameter XSS
Apache Roller q Parameter XSS
IceWarp Merak Mail Server < 9.4.0 IMG Tag XSS
Kerio MailServer < 6.6.2 Multiple XSS (KSEC-2008-12-16-01)
WordPress wp-includes/feed.php self_link() Function Host Header RSS Feed XSS
MDaemon WorldClient < 10.0.2 Email Handling XSS
HP System Management Homepage < 2.1.15.210 Unspecified XSS
MailMarshal Spam Quarantine Management (SQM) Multiple Component XSS
CiscoWorks Server Common Services Login Page XSS
Cisco Secure Access Control Server (ACS) CSUserCGI.exe Help Facility XSS
MS Site Server < 3.0 formslogin.asp url Parameter XSS
HP System Management Homepage < 2.1.12 Unspecified XSS
CGIWrap Charset Specification Weakness Error Message XSS
Resin viewfile Servlet file Parameter XSS
Adobe Flex 3 History Management historyFrame.html XSS
Lyris ListManager read/search/results words Parameter XSS
dotCMS search-results.dot search_query Variable XSS
XEROX DocuShare dsweb Servlet Multiple XSS
Barracuda Spam Firewall cgi-bin/ldap_test.cgi email Variable XSS
Django Administration Application Login Form XSS
Sun Java System Web Server Search Module XSS
SmarterMail Subject Field XSS
OSSIM Framework session/login.php dest Parameter XSS
BEA Plumtree portal/server.pt name Parameter XSS
ProjectPier index.php Multiple Parameter XSS
F5 BIG-IP Web Management Multiple XSS
Sun Java System Identity Manager Multiple XSS
IceWarp Mail Server admin/index.html message Parameter XSS
Websense Reporting Tools WsCgiLogin.exe username Parameter XSS
NetScaler Web Management ws/generic_api_call.pl standalone Parameter XSS
Mort Bay Jetty Dump Servlet (webapps/test/jsp/dump.jsp) XSS
ht://dig htsearch sort Parameter XSS
ManageEngine OpManager Login.do Multiple Parameter XSS
GForge account/verify.php confirm_hash Parameter XSS
Google Mini Search Appliance search Script ie Parameter XSS
Tomcat Sample App cal2.jsp time Parameter XSS (CVE-2006-7196)
IceWarp Merak Mail Server < 9.0.0 BODY Element XSS
Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
Joomla! com_content Component (components/com_content/content.php) order Parameter XSS
FuseTalk Multiple Script XSS
Apache MyFaces Tomahawk JSF Application autoscroll Multiple XSS
Tomcat snoop.jsp URI XSS
HP System Management Homepage < 2.1.2 Unspecified XSS
Tomcat Sample App hello.jsp test Parameter XSS
CommuniGate Pro WebMail w/ MSIE STYLE Tag XSS
Horde NLS.php Language Selection new_lang Parameter XSS
ColdFusion MX Null Byte Tag Cross-Site Scripting Protection Bypass
ColdFusion Web Server User-Agent HTTP Header Error Message XSS
CuteNews 1.4.5 Multiple Script XSS
IBM WebSphere Application Server SOAP Connector Error Page XSS
Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS
SAP Internet Transaction Server wgate Multiple Parameter XSS
Web Server Expect Header XSS
Horde < 3.0.11 / 3.1.2 Multiple Script XSS
mvnForum activatemember Multiple Parameter XSS
UBB.threads ubbthreads.php debug Parameter XSS
Pubcookie Login Server index.cgi XSS
ArGoSoft Mail Server Pro Webmail viewheaders Multiple Field XSS
NeoMail neomail.pl sort Parameter XSS
Snitz Forums 2000 post.asp type Parameter XSS
Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
phpBB < 2.0.19 Multiple XSS
WebWasher < 4.4.1 Build 1613 Multiple XSS
CubeCart < 3.0.4 Multiple Script XSS
Guppy Multiple HTTP Header XSS
WEBppliance ocw_login_username Parameter XSS
Open WebMail sessionid Parameter XSS
Lotus Domino Multiple Script Src / BaseTarget XSS
phpGroupWare Main Screen Message Body XSS
Greymatter Comment Name Field Control Panel Log XSS
CMSimple Guestbook Module index.php XSS
CMSimple index.php search Function XSS
Sawmill < 7.1.14 GET Request Query String XSS
Dada Mail Archived Message XSS
PHP-Fusion BBCode Nested URL Tag XSS
ATutor 1.5.1 Multiple Script XSS
Phorum register.php Username Field XSS
phpMyAdmin < 2.6.4 Multiple XSS
phpGraphy EXIF Data XSS
PhotoPost PHP Pro EXIF Data XSS
Gallery EXIF Data XSS
Coppermine Photo Gallery EXIF Data XSS
BMForum Multiple Script XSS
Ultimate PHP Board 1.9.6 GOLD Multiple Scripts XSS (1)
Ultimate PHP Board 1.9.6 GOLD Multiple Scripts XSS (2)
JAWS Glossary Gadget Multiple XSS
AutoIndex PHP Script index.php search Variable XSS
Fusebox index.cfm fuseaction Parameter XSS
GForge <= 4.5 Multiple Script XSS
Advanced Guestbook User-Agent Header HTML Injection
Gossamer Threads Links < 3.0.4 Multiple Script XSS
Gossamer Threads Links user.cgi url Parameter XSS
Novell GroupWise WebAccess E-Mail IMG SRC XSS
SiteMinder 5.5 Multiple Script XSS
MediaWiki Page Move Template XSS
phpBB2 Plus <= 1.52 Multiple XSS
cPanel cpsrvd.pl user Parameter XSS
osCommerce application_top.php Multiple Parameter HTTP Response Splitting
DotNetNuke < 3.0.12 Multiple XSS
MediaWiki Page Template Inclusions HTML Attributes XSS
BookReview 1.0 Multiple Script XSS
SqWebMail redirect Parameter CRLF Injected XSS
Sambar Server Administrative Interface Multiple XSS
mvnForum Search Parameter XSS
ASP-DEv XM Forum post.asp IMG Tag XSS
SurgeMail <= 3.0c2 Multiple XSS
Skull-Splitter Guestbook Multiple Field XSS
Woltlab Burning Board pms.php folderid Parameter XSS
PwsPHP profil.php id Parameter XSS
RSA Security RSA Authentication Agent For Web For IIS XSS
Invision Power Board index.php Multiple Parameter XSS
RM SafetyNet Plus snpfiltered.pl u Parameter XSS
Serendipity BBCode Plugin XSS
IMP common-footer.inc Parent Frame Page Title XSS
Horde Turba common-footer.inc Parent Frame Page Title XSS
Horde Nag common-footer.inc Parent Frame Page Title XSS
Horde Mnemo common-footer.inc Parent Frame Page XSS
Horde Turba Contact Manager common-footer.inc Parent Frame Page Title XSS
Horde Chora common-footer.inc Page Title XSS
WebcamXP Chat Name XSS
Coppermine Photo Gallery init.inc.php X-Forwarded-For XSS
IlohaMail read_message.php Attachment Multiple Field XSS
sphpblog search.php q Parameter XSS
Pinnacle Cart index.php pg Parameter XSS
Comersus Cart comersus_searchItem.asp curPage Parameter XSS
PostNuke < 0.760 RC4 Multiple Script XSS
ProfitCode PayProCart usrdetails.php sgnuptype Parameter XSS
Comersus Cart Account Username Field XSS
SonicWALL SOHO Web Interface XSS
phpMyAdmin index.php convcharset Parameter XSS
Mailreader network.cgi enriched/richtext MIME Message XSS
Horde Parent Frame Page Title XSS
CPG Dragonfly Multiple XSS
phpMyDirectory review.php subcat Parameter XSS
PHPSysInfo < 2.5 Multiple Script XSS
Invision Power Board HTTP POST Request IFRAME Tag XSS
Kayako eSupport Troubleshooter Module index.php Multiple Parameter XSS
PunBB profile.php Multiple Parameter XSS
Phorum < 5.0.15 Multiple XSS
paBox pabox.php posticon Parameter XSS
YaBB YaBB.pl usersrecentposts Action username Parameter XSS
PHP-Fusion BBCode IMG Tag XSS
CuteNews <= 1.3.6 Multiple XSS
Verity Ultraseek Search Request XSS
phpMyAdmin < 2.6.1 pl2 Libraries and Themes Multiple XSS
Invision Power Board COLOR SML Tag XSS
Zeroboard < 4.1pl6 Multiple XSS
paNews comment.php showpost Parameter XSS
osCommerce contact_us.php enquiry Parameter XSS
Kayako eSupport index.php nav Parameter XSS
Open WebMail openwebmail.pl logindomain Parameter XSS
SunShop Shopping Cart index.php search Parameter XSS
Claroline add_course.php Multiple Parameter XSS
ht://Dig htsearch.cgi config Parameter XSS
Mambo Site Server mos_change_template XSS
SmarterTools SmarterMail Attachment Upload XSS
vBulletin BB Tag XSS
ExBB Netsted BBcode XSS
pLog register.php Multiple Parameter XSS
Bugzilla Internal Error Response XSS
BiTBOARD IMG BBCode Tag XSS
Novell GroupWise 6.5.3 WebAccess Multiple XSS
Siteman forum.php page Parameter XSS
Horde < 3.0.1 Multiple Script XSS
phpGroupWare index.php Calendar Date XSS
MySQL Eventum Multiple Script XSS
YaCy Peer-To-Peer Search Engine XSS
ArGoSoft Mail Server Unspecified XSS
CVSTrac < 1.1.5 Multiple XSS
UseModWiki wiki.pl XSS
UBB.threads < 6.5.1 Multiple XSS
PunBB URL Quote Tag XSS
PunBB profile.php XSS
PunBB < 1.1.2 install.php XSS
PunBB IMG Tag Client Side Scripting XSS
Serendipity compat.php searchTerm Parameter XSS
Apache Jakarta Lucene results.jsp XSS
InMail/InShop inmail.pl / inshop.pl XSS
YaBB Shadow BBCode Tag XSS
phpCMS parser.php file Parameter XSS
Aztek Forum Multiple Script XSS
phpMyAdmin < 2.6.0-pl3 Multiple XSS
TikiWiki tiki-error.php XSS
TeeKai Tracking Online XSS
ht://Dig htsearch.cgi words Parameter XSS
TIPS MailPost Cross-Site Scripting Vulnerability
Cherokee Web Server Error Page XSS
Horde IMP status.php3 script Parameter XSS
Horde Application Framework Help Window Multiple Parameter XSS
MoniWiki < 1.0.9 wiki.php XSS
Faq-O-Matic fom.cgi Multiple Parameter XSS
IBM Lotus Notes/Domino Square Brackets Encoding Failure XSS
Pinnacle ShowCenter SettingsBase.php Skin Parameter XSS
XOOPS viewtopic.php Multiple Parameter XSS
FuseTalk Forum img src Tag XSS
CjOverkill trade.php Multiple Method XSS
Invision Power Board Referer field XSS
Horde IMP HTML MIME Viewer Multiple XSS
PHP-Fusion homepage address Parameter XSS
WordPress < 1.2.2 Multiple XSS
vBulletin memberlist.php what Parameter XSS
ViewCVS viewcvs.cgi Multiple Parameter XSS
OpenBB board.php FID Parameter XSS
vBulletin newreply.php WYSIWYG_HTML Parameter XSS
PostNuke News Module article.php sid Parameter XSS
phpGroupWare Wiki Module XSS
OpenCA Client System Browser Form Input Field XSS
PsNews index.php Multiple Parameter XSS
Keene Digital Media Server Multiple Script XSS
CuteNews index.php mod Parameter XSS
DasBlog Activity / Event Viewer Multiple HTTP Header XSS
IlohaMail user Parameter XSS
IlohaMail Email Header XSS
Citrix NFuse Launch Scripts NFuse_Application Parameter XSS
XOOPS <= 1.0 Dictionary Module Multiple Scripts XSS
phpScheduleIt 1.0.0 RC1 Multiple XSS
Icecast list.cgi User-Agent XSS
Plesk Reloaded login_up.php3 login_name Parameter XSS
PHP Code Snippet Library index.php Multiple Parameter XSS
eGroupWare <= 1.0.00.003 Multiple Module XSS
PHP-Nuke PhotoADay Module pad_selected Parameter XSS
Mantis < 0.18.1 Multiple Unspecified XSS
Sympa New List Creation Description Field XSS
CuteNews show_archives.php archive Parameter XSS
BasiliX Webmail Content-Type Header XSS
Moodle post.php reply Parameter XSS
WackoWiki TextSearch phrase Parameter XSS
SquirrelMail < 1.4.3 Multiple Vulnerabilities
BreakCalendar < 1.3 XSS
BasiliX Message Content XSS
SquirrelMail < 1.2.11 Multiple Script XSS
PostNuke Reviews Module title Parameter XSS
WebCam Watchdog sresult.exe XSS
Phorum search.php subject Parameter XSS
PowerPortal modules/private_messages/index.php Multiple Parameter XSS
Horde IMP with MSIE MIME Viewer E-mail Message XSS
Xitami testssi.ssi HTTP Header XSS
phpBB < 2.0.10 Multiple XSS
Citrix MetaFrame XP login.asp NFuse_Message Parameter XSS
IMP Content-Type Header XSS
Open WebMail Multiple Content Header XSS
Oracle 9iAS iSQLplus XSS
Invision Power Board index.php pop Parameter XSS
vHost < 3.10r1 Unspecified XSS
phpBB < 2.0.7 Multiple XSS
SandSurfer < 1.7.1 XSS
vBulletin search.php query Parameter XSS
ASP Portal User Profile XSS
Mambo Site Server itemid Parameter XSS
miniBB bb_func_usernfo.php Website Name Field XSS
SGDynamo sgdynamo.exe HTNAME XSS
Horde IMP IMP_MIME_Viewer_html Class XSS
Gallery search.php searchstring Parameter XSS
TMaxSoft JEUS url.jsp URI XSS
pod.board 1.1 Multiple Script XSS
PostNuke < 0.7.2.3 Multiple Script XSS
LedNews News Post XSS
Zeus Admin vs_diag.cgi XSS
Bandmin 1.4 index.cgi Multiple Parameter XSS
eZ Publish articleview.php XSS
SHOUTcast Server Admin Log File XSS
Apache mod_ssl Host: Header XSS
Ceilidh testcgi.exe query Parameter XSS
Neoteris IVE swsrv.cgi XSS
Ocean12 Guestbook XSS
XMB < 1.9.1 Multiple XSS
XOOPS Glossary Module glossaire-aff.php lettre Parameter XSS
CC GuestBook cc_guestbook.pl Multiple Parameter XSS
ScozBook scozbook/add.php Multiple Parameter XSS
Sambar Server Multiple Script XSS
paFileDB pafiledb.php id Parameter XSS
WebChat XSS
ez Publish Multiple XSS
Siteframe search.php searchfor Parameter XSS
DCP-Portal Multiple Script XSS
Basit CMS Multiple Script XSS
Mambo Site Server 4.0.10 XSS
osCommerce 2.2ms1 Multiple Script XSS
MyAbraCadaWeb header.php ma_kw Parameter XSS
SquirrelMail 1.2.9 / 1.2.10 read_body.php Multiple Parameter XSS
RSA ClearTrust ct_logon.asp Multiple Parameter XSS
Microsoft IIS shtml.dll XSS
IBM Lotus Domino nsf File Argument XSS
Auction Deluxe auction.pl Multiple Variable XSS
Simple File Manager Directory / Filename XSS
Microsoft IIS IDC Extension XSS
Apache Tomcat DOS Device Name XSS
Apache Tomcat /servlet Mapping XSS
IBM WebSphere Traversal Error Page XSS
Apache JServ Nonexistent JSP Request XSS
Oracle 9iAS mod_plsql Multiple Procedures XSS
Microsoft IIS ASP Redirection Function XSS
FastCGI Multiple Sample CGI XSS
AgoraCart agora.cgi cart_id Parameter XSS
Webalizer < 2.01-09 Multiple XSS
Web Server Generic XSS
Microsoft IIS 5.0 Form_JScript.asp XSS

© Copyright 2002 - 2010 Tenable Network Security(R). All Rights Reserved.

This is the web site for the Nessus Vulnerability Scanner from Tenable Network Security. If you are looking for the probabilistic analysis software from Southwest Research Institute, please visit www.nessus.swri.org