Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name (...
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which co...
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula admi...
Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.
A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.