CVE Daily
← All tags

Tag: Cross-site Scripting (XSS)

All CVEs associated with "Cross-site Scripting (XSS)". Page 376/397 • 47635 CVEs.

Subscribe CVEs: RSS for “Cross-site Scripting (XSS)”  ·  RSS (High+Critical only)

About “Cross-site Scripting (XSS)”

A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47635 CVEs for this tag (all time). In the last 365 days, 7580 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2006-12-04
Medium

CVE-2006-6278

Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6283

Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bul…

CVSS: 4.3 CWE: N/A View on NVD
2006-12-02
Medium

CVE-2006-6223

Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6228

Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

CVSS: 6.8 CWE: N/A View on NVD
2006-12-01
Medium

CVE-2006-6197

Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6198

Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) sc…

CVSS: 6.0 CWE: N/A View on NVD
Medium

CVE-2006-6205

Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6211

Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6219

Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target para…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6180

Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOT…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6188

Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of thes…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6196

Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext p…

CVSS: 6.8 CWE: N/A View on NVD
2006-11-30
Medium

CVE-2006-6174

Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6176

Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVSS: 6.8 CWE: N/A View on NVD
2006-11-29
Medium

CVE-2006-6166

Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote at…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6162

Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenanc…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-6163

Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2006-11-28
Medium

CVE-2006-6148

Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6153

Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) m…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6156

Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query stri…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6158

Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitra…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6159

Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parame…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2006-11-26
Low

CVE-2006-6123

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-6124

Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this informa…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6108

Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-6118

Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1.55 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 6.8 CWE: N/A View on NVD
2006-11-24
Medium

CVE-2006-6082

Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) s…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6087

Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6088

Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3)…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6089

Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Na…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6091

Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6096

Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-6075

Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this informat…

CVSS: 6.8 CWE: N/A View on NVD
2006-11-22
Medium

CVE-2006-6035

Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-6037

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_i…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-6040

Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buil…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6046

Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/co…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2006-11-21
Medium

CVE-2006-6012

Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the pr…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6019

Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6020

Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6022

Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6032

Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_bl…

CVSS: 6.8 CWE: N/A View on NVD
2006-11-20
Medium

CVE-2006-5975

Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5984

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) tx…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5985

Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) b…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5986

admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined w…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5983

Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_S…

CVSS: 6.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2006-11-17
Medium

CVE-2006-5958

Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) sear…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5960

Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5942

Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5944

Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CVSS: 6.8 CWE: N/A View on NVD
2006-11-15
Medium

CVE-2006-5900

Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web scrip…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5915

Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5921

Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment field…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-5924

Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenanc…

CVSS: 5.8 CWE: N/A View on NVD
2006-11-14
Low

CVE-2006-5883

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user…

CVSS: 3.5 CWE: N/A View on NVD
2006-11-10
Medium

CVE-2006-5843

Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter.

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-5847

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-5853

Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is return…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5825

Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5827

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) passwo…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5830

Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid,…

CVSS: 6.8 CWE: N/A View on NVD
2006-11-08
Medium

CVE-2006-5810

Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5799

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters.

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2006-5800

Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this inform…

CVSS: 2.6 CWE: N/A View on NVD
2006-11-07
Low

CVE-2006-5791

Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is n…

CVSS: 2.6 CWE: N/A View on NVD
2006-11-06
Medium

CVE-2006-5761

Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5769

Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in un…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5770

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a)…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5771

Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5774

Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5775

Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name par…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5741

Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5743

Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1)…

CVSS: 4.3 CWE: N/A View on NVD
2006-11-04
Medium

CVE-2006-5703

Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demon…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-5712

Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using th…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5713

Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title paramet…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5717

Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified paramete…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5718

Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, whic…

CVSS: 4.3 CWE: N/A View on NVD
2006-11-03
Medium

CVE-2006-5652

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) funct…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5653

Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the er…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5661

Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

CVSS: 6.8 CWE: N/A View on NVD
2006-11-01
Medium

CVE-2006-5643

Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter.

CVSS: 6.8 CWE: N/A View on NVD
2006-10-31
Medium

CVE-2006-5631

Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5632

Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-5626

Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web s…

CVSS: 4.3 CWE: N/A View on NVD
2006-10-30
Medium

CVE-2006-5605

Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspe…

CVSS: 6.8 CWE: N/A View on NVD
2006-10-28
Medium

CVE-2006-5598

Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image para…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5599

Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP packag…

CVSS: 4.3 CWE: N/A View on NVD
2006-10-27
Medium

CVE-2006-5560

Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and un…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-5564

Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this informa…

CVSS: 4.3 CWE: N/A View on NVD
2006-10-26
Medium

CVE-2006-5529

Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a s…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-5530

Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php,…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-5532

Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these deta…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5534

Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-5535

Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scrip…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5537

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) up…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5515

Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, rela…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5516

Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email par…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5524

Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-53…

CVSS: 6.8 CWE: N/A View on NVD
2006-10-25
Medium

CVE-2006-5503

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5504

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action par…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5512

Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5496

Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5499

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager a…

CVSS: 6.8 CWE: N/A View on NVD
2006-10-24
Medium

CVE-2006-5486

Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via cr…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-5475

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted…

CVSS: 6.8 CWE: N/A View on NVD
2006-10-23
Medium

CVE-2006-5447

Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-5451

Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a)…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2006-5453

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject a…

CVSS: 3.5 CWE: N/A View on NVD
Medium

CVE-2006-5457

Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or…

CVSS: 4.3 CWE: N/A View on NVD
2006-10-21
Medium

CVE-2006-5442

ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 enco…

CVSS: 6.8 CWE: N/A View on NVD
2006-10-20
Medium

CVE-2006-5430

Cross-site scripting (XSS) vulnerability in the search functionality in db-central (dbc) Enterprise CMS and db-central CMS allows remote attackers to inject arbitrary web script or HTML via the needl…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5408

Multiple cross-site scripting (XSS) vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to inject arbitrary HTML…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-5416

Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid p…

CVSS: 5.1 CWE: N/A View on NVD
2006-10-18
Critical

CVE-2006-5351

Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03,…

CVSS: 9.0 CWE: N/A View on NVD
2006-10-17
Medium

CVE-2006-5321

Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-5299

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: N/A View on NVD
2006-10-16
Medium

CVE-2006-5293

Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-5294

Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.

CVSS: 4.3 CWE: N/A View on NVD