CVE Daily
← All tags

Tag: Cross-site Scripting (XSS)

All CVEs associated with "Cross-site Scripting (XSS)". Page 382/397 • 47635 CVEs.

Subscribe CVEs: RSS for “Cross-site Scripting (XSS)”  ·  RSS (High+Critical only)

About “Cross-site Scripting (XSS)”

A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47635 CVEs for this tag (all time). In the last 365 days, 7582 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2006-05-01
Medium

CVE-2006-2124

Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) ite…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-2117

Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.

CVSS: 4.3 CWE: N/A View on NVD
2006-04-29
Medium

CVE-2006-2084

Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) i…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-2088

Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php a…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-2089

Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-2104

Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php,…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-2106

Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro…

CVSS: 4.3 CWE: N/A View on NVD
2006-04-27
Medium

CVE-2006-2079

Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-2080

SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not clea…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-2066

Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HT…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-2070

Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action.

CVSS: 4.3 CWE: N/A View on NVD
2006-04-26
Medium

CVE-2006-2048

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) us…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-2049

Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-2051

Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password p…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-2052

Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.p…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-2063

Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-2037

Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-2028

Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE…

CVSS: 5.8 CWE: N/A View on NVD
Low

CVE-2006-2031

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS: 2.6 CWE: N/A View on NVD
2006-04-25
Medium

CVE-2006-2000

Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-2001

Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-2003

Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community Architect Guestbook allows remote attackers to inject arbitrary web script or HTML by signing the guestbook, which is displayed…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-2011

Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name par…

CVSS: 2.6 CWE: N/A View on NVD
High

CVE-2006-2013

SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. NOTE: this issue could be used to produce resultant XSS fro…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-2014

Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2006-2015

Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as repor…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-2016

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2006-04-21
Medium

CVE-2006-1977

Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) message parameters.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-1979

Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.

CVSS: 5.8 CWE: N/A View on NVD
Low

CVE-2006-1980

Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1960

Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arb…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-1965

Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys…

CVSS: 5.8 CWE: N/A View on NVD
Low

CVE-2006-1967

Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrar…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1968

Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbi…

CVSS: 5.8 CWE: N/A View on NVD
Low

CVE-2006-1969

Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and ea…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1970

Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in KCScripts Classifieds, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject ar…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1971

Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1972

Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter.

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-1975

Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in PHP-Gastebuch 1.61 allows remote attackers to inject arbitrary web script or HTML via the Kommentar field.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1976

Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer Request Board (PRB) Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field.

CVSS: 2.6 CWE: N/A View on NVD
2006-04-20
Low

CVE-2006-1943

Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addl…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1944

Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1945

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the sam…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1946

Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubn…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1950

Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat p…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-1908

Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this informatio…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1911

Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1912

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-1913

Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1916

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies pa…

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2006-1918

Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3)…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-1923

Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-1925

Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-1878

Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1888

phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can th…

CVSS: 6.8 CWE: CWE-264 View on NVD
Medium

CVE-2006-1889

Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-1891

Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile para…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1893

Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1894

Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is t…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-1898

Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2006-1899

Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1903

Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1904

Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1906

Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 2.6 CWE: N/A View on NVD
2006-04-19
Low

CVE-2006-1835

Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1841

Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1842

Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1843

Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. NOTE: the provenan…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1846

Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in t…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-1848

Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date pa…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1850

Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1854

Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and…

CVSS: 2.6 CWE: N/A View on NVD
2006-04-18
Medium

CVE-2006-1801

Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1802

Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1803

Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-1806

Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1808

Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1810

Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website…

CVSS: 1.9 CWE: N/A View on NVD
Low

CVE-2006-1815

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1818

Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name a…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1820

Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the direct…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-1822

Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter.

CVSS: 5.8 CWE: N/A View on NVD
Low

CVE-2006-1824

Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Commen…

CVSS: 1.2 CWE: N/A View on NVD
Medium

CVE-2006-1825

Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1826

Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2)…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2006-04-17
Medium

CVE-2006-1796

Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inj…

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2006-1795

Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of…

CVSS: 2.6 CWE: N/A View on NVD
2006-04-15
Medium

CVE-2006-1436

Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Websit…

CVSS: 4.3 CWE: N/A View on NVD
2006-04-14
High

CVE-2006-1791

Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resulta…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1731

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object whe…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-1732

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin…

CVSS: 4.3 CWE: N/A View on NVD
2006-04-13
Low

CVE-2006-1786

Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-reader…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1765

Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1768

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2)…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1769

Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2)…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1775

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Gr…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1779

Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter.

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2006-1783

Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1757

Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1759

Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1760

Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.vie…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2006-1761

Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error messa…

CVSS: 2.6 CWE: N/A View on NVD
High

CVE-2006-1762

Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant X…

CVSS: 7.5 CWE: N/A View on NVD
2006-04-12
Low

CVE-2006-1745

Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this informatio…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1748

Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, whic…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1750

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters.

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2006-1752

Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment.

CVSS: 2.6 CWE: N/A View on NVD
2006-04-11
Medium

CVE-2006-0015

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web s…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1713

Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1716

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1717

Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1720

Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1722

Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter.

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2006-1712

Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-1690

Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1696

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1697

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1698

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2006-1699

Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-1701

Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.

CVSS: 2.6 CWE: N/A View on NVD