Cross-site Scripting (XSS) - 47635 CVEs (Page 384/397)

2006-03-14

Medium

CVE-2006-1223

Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1215

Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue h…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1216

Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1199

Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1202

Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.p…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1204

Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameter…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1205

Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) pos…

CVSS: 4.3 CWE: N/A View on NVD

2006-03-13

Medium

CVE-2006-1196

Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) actio…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0820

Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.

CVSS: 4.3 CWE: N/A View on NVD

2006-03-12

Medium

CVE-2006-1160

Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or upl…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1163

Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-1165

Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1155

Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) log…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1157

Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter)…

CVSS: 4.3 CWE: N/A View on NVD

2006-03-10

Medium

CVE-2006-1143

Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment_body parameter, as used by the comment field, when po…

CVSS: 4.3 CWE: N/A View on NVD

Low

CVE-2006-1144

Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in vie…

CVSS: 2.6 CWE: N/A View on NVD

Medium

CVE-2006-1151

Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter.

CVSS: 5.0 CWE: N/A View on NVD

Medium

CVE-2006-1130

Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1131

Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1133

Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE:…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1135

Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter…

CVSS: 4.3 CWE: N/A View on NVD

2006-03-09

Medium

CVE-2006-1127

Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not pr…

CVSS: 4.3 CWE: N/A View on NVD

Low

CVE-2006-1120

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url p…

CVSS: 2.6 CWE: N/A View on NVD

Medium

CVE-2006-1121

Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-1122

Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-1089

Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF vari…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1096

Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issu…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1097

Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter t…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1106

Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email param…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1107

Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1110

Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1077

Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspeci…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1080

Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a UR…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1082

Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php,…

CVSS: 4.3 CWE: N/A View on NVD

2006-03-08

Medium

CVE-2006-1070

Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1071

Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1072

Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post.

CVSS: 4.3 CWE: N/A View on NVD

2006-03-07

Low

CVE-2006-1064

Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS: 2.6 CWE: N/A View on NVD

Medium

CVE-2006-1033

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the user…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1034

Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php an…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1040

Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not san…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1041

Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1019

Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function. NOTE: the…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1021

Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to inject arbitrary web script or HTML via the ku…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1025

Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the proven…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2006-1029

The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malform…

CVSS: 4.3 CWE: N/A View on NVD

2006-03-06

Medium

CVE-2006-1004

Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter. NOTE: the provenance…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-1008

Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (…

CVSS: 5.8 CWE: N/A View on NVD

2006-03-03

Low

CVE-2006-0389

Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feed…

CVSS: 2.6 CWE: N/A View on NVD

Medium

CVE-2006-0974

Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0978

Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HT…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0980

Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewda…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0983

Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0984

Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0985

Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name,…

CVSS: 4.3 CWE: N/A View on NVD

2006-03-02

Medium

CVE-2006-0958

Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameter…

CVSS: 4.3 CWE: N/A View on NVD

2006-03-01

Medium

CVE-2006-0938

Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-0941

Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0946

Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetw…

CVSS: 4.3 CWE: N/A View on NVD

2006-02-28

Medium

CVE-2006-0923

Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0924

Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the prove…

CVSS: 4.3 CWE: N/A View on NVD

Low

CVE-2006-0927

Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML…

CVSS: 2.6 CWE: N/A View on NVD

Medium

CVE-2006-0933

Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenanc…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0934

Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form.

CVSS: 4.3 CWE: N/A View on NVD

2006-02-25

Medium

CVE-2006-0885

Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0886

Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable).…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0889

Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unk…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0894

Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0896

Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2006-02-24

Medium

CVE-2006-0875

Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.

CVSS: 5.0 CWE: N/A View on NVD

Medium

CVE-2006-0877

Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable.

CVSS: 5.0 CWE: N/A View on NVD

Medium

CVE-2006-0880

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_g…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0188

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" a…

CVSS: 4.3 CWE: N/A View on NVD

2006-02-23

Medium

CVE-2006-0857

Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-0860

Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2006-02-22

Medium

CVE-2006-0841

Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monit…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0842

Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-0846

Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, whi…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0833

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest…

CVSS: 4.3 CWE: N/A View on NVD

2006-02-21

Medium

CVE-2006-0827

Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote at…

CVSS: 5.0 CWE: N/A View on NVD

Medium

CVE-2006-0829

Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote attackers to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is vi…

CVSS: 5.0 CWE: N/A View on NVD

Medium

CVE-2006-0806

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page par…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2006-0810

Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly…

CVSS: 3.5 CWE: N/A View on NVD

Medium

CVE-2006-0811

Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration for…

CVSS: 4.3 CWE: N/A View on NVD

2006-02-20

Low

CVE-2006-0800

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">"…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2006-0802

Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML vi…

CVSS: 2.6 CWE: N/A View on NVD

2006-02-19

Medium

CVE-2006-0792

Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance o…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0796

Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatem…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0780

Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0783

Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0773

Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0776

Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0779

Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2006-02-18

Low

CVE-2006-0770

Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being re…

CVSS: 2.6 CWE: N/A View on NVD

Medium

CVE-2006-0758

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) i…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0763

Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.

CVSS: 4.3 CWE: N/A View on NVD

2006-02-16

Medium

CVE-2006-0726

Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a li…

CVSS: 4.3 CWE: N/A View on NVD

Low

CVE-2006-0733

Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author'…

CVSS: 2.6 CWE: N/A View on NVD

Medium

CVE-2006-0735

Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript…

CVSS: 4.3 CWE: N/A View on NVD

2006-02-15

Medium

CVE-2006-0689

Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0699

Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0703

Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0706

Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage param…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-0715

Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0682

Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0683

Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, w…

CVSS: 4.3 CWE: N/A View on NVD

2006-02-13

Medium

CVE-2006-0675

Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0676

Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0649

Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0650

Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpa…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0655

Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: N/A View on NVD

Low

CVE-2006-0657

Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2)…

CVSS: 3.5 CWE: N/A View on NVD

Medium

CVE-2006-0661

Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0662

Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rend…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0663

Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2006-0664

Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenan…

CVSS: 4.3 CWE: N/A View on NVD

2006-02-10

Medium

CVE-2006-0639

Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2006-0643

Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference.

CVSS: 4.3 CWE: N/A View on NVD

2006-02-09

Medium

CVE-2006-0627

Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP…

CVSS: 4.3 CWE: N/A View on NVD

About “Cross-site Scripting (XSS)”

CVE-2006-1223

CVE-2006-1215

CVE-2006-1216

CVE-2006-1199

CVE-2006-1202

CVE-2006-1204

CVE-2006-1205

CVE-2006-1196

CVE-2006-0820

CVE-2006-1160

CVE-2006-1163

CVE-2006-1165

CVE-2006-1155

CVE-2006-1157

CVE-2006-1143

CVE-2006-1144

CVE-2006-1151

CVE-2006-1130

CVE-2006-1131

CVE-2006-1133

CVE-2006-1135

CVE-2006-1127

CVE-2006-1120

CVE-2006-1121

CVE-2006-1122

CVE-2006-1089

CVE-2006-1096

CVE-2006-1097

CVE-2006-1106

CVE-2006-1107

CVE-2006-1110

CVE-2006-1077

CVE-2006-1080

CVE-2006-1082

CVE-2006-1070

CVE-2006-1071

CVE-2006-1072

CVE-2006-1064

CVE-2006-1033

CVE-2006-1034

CVE-2006-1040

CVE-2006-1041

CVE-2006-1019

CVE-2006-1021

CVE-2006-1025

CVE-2006-1029

CVE-2006-1004

CVE-2006-1008

CVE-2006-0389

CVE-2006-0974

CVE-2006-0978

CVE-2006-0980

CVE-2006-0983

CVE-2006-0984

CVE-2006-0985

CVE-2006-0958

CVE-2006-0938

CVE-2006-0941

CVE-2006-0946

CVE-2006-0923

CVE-2006-0924

CVE-2006-0927

CVE-2006-0933

CVE-2006-0934

CVE-2006-0885

CVE-2006-0886

CVE-2006-0889

CVE-2006-0894

CVE-2006-0896

CVE-2006-0875

CVE-2006-0877

CVE-2006-0880

CVE-2006-0188

CVE-2006-0195

CVE-2006-0857

CVE-2006-0860

CVE-2006-0841

CVE-2006-0842

CVE-2006-0846