Cross-site Scripting (XSS) - 47635 CVEs (Page 375/397)

2007-01-11

Medium

CVE-2007-0175

Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2007-0176

Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2007-0177

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers…

CVSS: 5.1 CWE: N/A View on NVD

2007-01-09

Medium

CVE-2007-0141

Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2007-0144

Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parame…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2007-0146

Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2)…

CVSS: 6.0 CWE: N/A View on NVD

Medium

CVE-2007-0136

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1)…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2007-0137

Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in t…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2007-0119

Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.c…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2007-0121

Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2007-0106

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2007-0110

Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstan…

CVSS: 6.8 CWE: N/A View on NVD

2007-01-05

Medium

CVE-2007-0083

Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as de…

CVSS: 6.8 CWE: N/A View on NVD

2007-01-04

Medium

CVE-2007-0054

Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2007-0056

Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) a…

CVSS: 6.8 CWE: N/A View on NVD

2007-01-03

Medium

CVE-2007-0045

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x befo…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2007-0048

Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome…

CVSS: 5.0 CWE: N/A View on NVD

2006-12-31

Medium

CVE-2006-4220

Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-4576

Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rend…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-4577

Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-4727

Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in Tumbleweed EMF Administration Module 6.2.2 Build 4123, and possibly other versions before 6.3.2, allows remote attackers to injec…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-6832

Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module ti…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-6844

Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6845

Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6851

Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6857

Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-6862

Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2)…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6868

Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6871

Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) th…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6874

Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6882

Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-6892

Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest va…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-7233

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2006-12-29

Medium

CVE-2006-6815

Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to…

CVSS: 6.0 CWE: N/A View on NVD

Medium

CVE-2006-6824

Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate para…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2006-12-28

Medium

CVE-2006-6808

Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have r…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6777

Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6778

Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6779

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6782

Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 6.8 CWE: N/A View on NVD

2006-12-27

Medium

CVE-2006-6769

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/trans…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6768

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) ma…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6746

Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2006-12-26

Medium

CVE-2006-6733

Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-6734

Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catna…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-6729

Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2006-12-23

Medium

CVE-2006-6721

Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar para…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6700

Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6702

Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this in…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6703

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6704

Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the da…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6708

Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6712

Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.

CVSS: 6.8 CWE: N/A View on NVD

2006-12-21

Medium

CVE-2006-6687

Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-6695

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter.…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6675

Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified…

CVSS: 6.8 CWE: N/A View on NVD

2006-12-20

Medium

CVE-2006-6668

Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this informatio…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6669

Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6646

Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6647

Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title fie…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6649

Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendo…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6503

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing th…

CVSS: 6.8 CWE: CWE-254 View on NVD

Medium

CVE-2006-6507

Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.

CVSS: 4.3 CWE: N/A View on NVD

2006-12-19

Medium

CVE-2006-6640

Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) compa…

CVSS: 6.8 CWE: N/A View on NVD

2006-12-18

Medium

CVE-2006-6625

Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of th…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6626

Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG e…

CVSS: 6.8 CWE: N/A View on NVD

2006-12-15

Medium

CVE-2006-6600

Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a rela…

CVSS: 6.0 CWE: N/A View on NVD

Medium

CVE-2006-6582

Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6587

Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6589

Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script o…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6571

Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly oth…

CVSS: 6.8 CWE: N/A View on NVD

2006-12-14

Low

CVE-2006-6548

Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scrip…

CVSS: 3.5 CWE: N/A View on NVD

Medium

CVE-2006-6536

Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this i…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6544

Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6517

Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b)…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6518

Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) s…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6520

Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6522

Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6523

Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6531

Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access,…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6532

Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a)…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6534

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-6509

Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: UR…

CVSS: 4.1 CWE: N/A View on NVD

2006-12-12

Low

CVE-2006-6483

Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTM…

CVSS: 2.6 CWE: N/A View on NVD

Medium

CVE-2006-6485

Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the prevlocation parameter in shopper/sc/registration…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6479

Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Temp…

CVSS: 6.8 CWE: N/A View on NVD

2006-12-11

Medium

CVE-2006-6466

Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v pa…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6459

Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a…

CVSS: 6.8 CWE: N/A View on NVD

2006-12-10

Medium

CVE-2006-6447

Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6451

Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-6452

Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6413

Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6420

Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attack…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6421

Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Messa…

CVSS: 6.0 CWE: N/A View on NVD

Medium

CVE-2006-6436

Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6401

Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) de…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2006-12-08

Medium

CVE-2006-6386

Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject a…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6388

Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter.…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6389

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3)…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6393

Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilt…

CVSS: 6.8 CWE: N/A View on NVD

2006-12-07

Medium

CVE-2006-6380

Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6371

Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6372

Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parame…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6375

Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6359

Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-6363

Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via t…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6364

Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6366

Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web scri…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6348

Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6356

Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4)…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6357

Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The prov…

CVSS: 6.8 CWE: N/A View on NVD

2006-12-05

Medium

CVE-2006-6142

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php,…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6300

Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter.

CVSS: 4.3 CWE: N/A View on NVD

2006-12-04

Medium

CVE-2006-6249

Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6256

Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name.

CVSS: 6.8 CWE: N/A View on NVD

Critical

CVE-2006-6258

The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cro…

CVSS: 9.3 CWE: N/A View on NVD

Medium

CVE-2006-6271

Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) ind…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6272

Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6274

SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-6276

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypas…

CVSS: 6.8 CWE: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') View on NVD

About “Cross-site Scripting (XSS)”

CVE-2007-0175

CVE-2007-0176

CVE-2007-0177

CVE-2007-0141

CVE-2007-0144

CVE-2007-0146

CVE-2007-0136

CVE-2007-0137

CVE-2007-0119

CVE-2007-0121

CVE-2007-0106

CVE-2007-0110

CVE-2007-0083

CVE-2007-0054

CVE-2007-0056

CVE-2007-0045

CVE-2007-0048

CVE-2006-4220

CVE-2006-4576

CVE-2006-4577

CVE-2006-4727

CVE-2006-6832

CVE-2006-6844

CVE-2006-6845

CVE-2006-6851

CVE-2006-6857

CVE-2006-6862

CVE-2006-6868

CVE-2006-6871

CVE-2006-6874

CVE-2006-6882

CVE-2006-6892

CVE-2006-7233

CVE-2006-6815

CVE-2006-6824

CVE-2006-6808

CVE-2006-6777

CVE-2006-6778

CVE-2006-6779

CVE-2006-6782

CVE-2006-6769

CVE-2006-6768

CVE-2006-6746

CVE-2006-6733

CVE-2006-6734

CVE-2006-6729

CVE-2006-6721

CVE-2006-6700

CVE-2006-6702

CVE-2006-6703

CVE-2006-6704

CVE-2006-6708

CVE-2006-6712

CVE-2006-6687

CVE-2006-6695

CVE-2006-6675

CVE-2006-6668

CVE-2006-6669

CVE-2006-6646

CVE-2006-6647

CVE-2006-6649

CVE-2006-6503

CVE-2006-6507

CVE-2006-6640

CVE-2006-6625

CVE-2006-6626

CVE-2006-6600

CVE-2006-6582

CVE-2006-6587

CVE-2006-6589

CVE-2006-6571

CVE-2006-6548

CVE-2006-6536

CVE-2006-6544

CVE-2006-6517

CVE-2006-6518

CVE-2006-6520

CVE-2006-6522

CVE-2006-6523