The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue

In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS.

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.

Status2k does not remove the install directory allowing credential reset.

Status2k allows Remote Command Execution in admin/options/editpl.php.

Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.

Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..

statusnet before 0.9.9 has XSS