CVE Daily
← All tags

Tag: Cross-site Scripting (XSS)

All CVEs associated with "Cross-site Scripting (XSS)". Page 379/397 • 47635 CVEs.

Subscribe CVEs: RSS for “Cross-site Scripting (XSS)”  ·  RSS (High+Critical only)

About “Cross-site Scripting (XSS)”

A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47635 CVEs for this tag (all time). In the last 365 days, 7582 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2006-07-12
Medium

CVE-2006-3526

Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parame…

CVSS: 5.8 CWE: N/A View on NVD
2006-07-11
Medium

CVE-2006-3514

Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3519

Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a)…

CVSS: 5.8 CWE: N/A View on NVD
2006-07-10
Medium

CVE-2006-3494

Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-3476

Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword paramet…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3480

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFro…

CVSS: 5.8 CWE: N/A View on NVD
Low

CVE-2006-3482

Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3484

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a)…

CVSS: 2.6 CWE: N/A View on NVD
2006-07-07
Medium

CVE-2006-3405

Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-3428

Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3429

Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the currency parameter in (1) loan.php and (2) mortgage.php. NOTE:…

CVSS: 4.3 CWE: N/A View on NVD
2006-07-06
Medium

CVE-2006-3358

Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim p…

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2006-3366

Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id param…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3377

Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) K…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2006-3382

Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string".

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3383

Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the pro…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-3385

Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-3388

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-3397

Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) titl…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3399

Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message,…

CVSS: 2.6 CWE: N/A View on NVD
2006-07-03
Medium

CVE-2006-3345

Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line.

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3337

Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3338

Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureRel…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3342

Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.

CVSS: 2.6 CWE: N/A View on NVD
2006-06-30
High

CVE-2006-3323

PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-3327

Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3328

new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-3330

Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field),…

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2006-3333

Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3321

Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3319

Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3320

Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.

CVSS: 2.6 CWE: N/A View on NVD
2006-06-29
Medium

CVE-2006-3312

Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3313

Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3295

Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-3297

Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenanc…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3299

Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3301

Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) u…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3303

Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters.

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3305

Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in ind…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3306

Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, m…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2006-3308

Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS).

CVSS: 9.3 CWE: N/A View on NVD
2006-06-28
Low

CVE-2006-3289

Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arb…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3273

Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3278

Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, an…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3279

Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3284

Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3253

Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this repor…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3257

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/my…

CVSS: 4.3 CWE: N/A View on NVD
2006-06-27
Low

CVE-2006-3258

Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3259

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3260

Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3261

Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is no…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3264

Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3265

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pr…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3230

Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the s…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3233

Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HT…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3235

Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_pr…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3237

Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3240

Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2006-3241

Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3245

Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatec…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3246

Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3247

Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3229

Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (…

CVSS: 4.3 CWE: N/A View on NVD
2006-06-26
Low

CVE-2006-3225

Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Editio…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-2311

Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1)…

CVSS: 2.6 CWE: N/A View on NVD
2006-06-24
Medium

CVE-2006-3210

Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs o…

CVSS: 5.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2006-3211

Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments paramet…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-3212

Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject web script or HTML via the (1) name, (2) email, (3) add, and (4) wName parameters…

CVSS: 4.3 CWE: N/A View on NVD
2006-06-23
Medium

CVE-2006-3169

Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3174

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3179

Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3180

Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-3183

Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) browse parameter…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-3186

Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3187

Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameter…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3189

Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-3191

Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3195

Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3197

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HT…

CVSS: 4.3 CWE: N/A View on NVD
2006-06-22
Medium

CVE-2006-3137

Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3138

Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2)…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-3141

Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3143

Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2006-3149

Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3151

Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3153

Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3155

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.p…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3156

Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3157

Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory UltimateGoogle 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter.

CVSS: 5.8 CWE: N/A View on NVD
Low

CVE-2006-3160

Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3166

Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3129

Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3131

Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3132

Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php.

CVSS: 5.8 CWE: N/A View on NVD
2006-06-21
Medium

CVE-2006-3101

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok param…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3103

Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3106

Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3108

Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover a…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3109

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web scr…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3110

Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.09 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) betreff, (3) mail, and (4) text parameters.

CVSS: 4.3 CWE: N/A View on NVD
2006-06-19
Medium

CVE-2006-3087

Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-3088

Cross-site scripting (XSS) vulnerability in index.php in Car Classifieds allows remote attackers to inject arbitrary web script or HTML via the make_id parameter. NOTE: the provenance of this inform…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3089

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) prefixe_dossier param…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3095

Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3060

Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3)…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-3061

Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in r…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2006-3062

Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3063

Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2)…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3071

Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search b…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3073

Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clien…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3077

Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3079

Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3080

Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.

CVSS: 4.3 CWE: N/A View on NVD
2006-06-16
Low

CVE-2006-3043

Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-3044

Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3047

Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-3049

Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-3051

Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.

CVSS: 5.1 CWE: N/A View on NVD