About “Cross-site Scripting (XSS)”

A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47635 CVEs for this tag (all time). In the last 365 days, 7582 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class: common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2006-02-08
Medium

CVE-2006-0603

Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3…

Medium

CVE-2006-0605

Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain Shoutbox 2005.07.21 allow remote attackers to inject arbitrary web script or HTML, possibly via the (1) Handle or (2) Message fie…

Medium

CVE-2006-0609

Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Medium

CVE-2006-0593

Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) co…

2006-02-07
Medium

CVE-2006-0568

Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Medium

CVE-2006-0569

Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of…

Medium

CVE-2006-0571

Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.

Medium

CVE-2006-0573

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodel…

Medium

CVE-2006-0574

Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.

2006-02-06
Medium

CVE-2006-0562

Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter.

Medium

CVE-2006-0437

Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smi…

2006-02-04
Medium

CVE-2006-0541

Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new mes…

Medium

CVE-2006-0532

Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker Shop allows remote attackers to inject arbitrary web script or HTML via a strSok parameter containing a javascript: URI in an IMG…

Medium

CVE-2006-0533

Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.

Medium

CVE-2006-0534

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in CyberShop Ultimate E-commerce allow remote attackers to inject arbitrary web script or HTML via the (1) ortak or (2) kat paramete…

Medium

CVE-2006-0535

Multiple cross-site scripting (XSS) vulnerabilities in Community Server allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: this candidate does not contai…

Medium

CVE-2006-0536

Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected…

2006-02-02
Medium

CVE-2006-0518

Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang param…

Medium

CVE-2006-0521

Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated…

Medium

CVE-2006-0524

Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

2006-02-01
Medium

CVE-2006-0506

Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

Medium

CVE-2006-0507

Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) in…

Medium

CVE-2006-0509

Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search paramet…

Medium

CVE-2006-0499

Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of th…

Medium

CVE-2006-0501

Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user.

Medium

CVE-2006-0498

Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

Medium

CVE-2006-0493

Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a pict…

Medium

CVE-2006-0495

Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an…

Medium

CVE-2006-0496

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject a…

2006-01-31
Medium

CVE-2006-0470

Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, wh…

Medium

CVE-2006-0471

Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Java…

Medium

CVE-2006-0472

Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javas…

Medium

CVE-2006-0473

Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javas…

Medium

CVE-2006-0479

pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[…

Medium

CVE-2006-0480

Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.

2006-01-30
Medium

CVE-2006-0469

Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of…

2006-01-27
Medium

CVE-2006-0461

Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).

Medium

CVE-2006-0463

Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news…

Medium

CVE-2006-0465

Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter.

Medium

CVE-2006-0466

Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter.

2006-01-26
Medium

CVE-2006-0442

Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notep…

Medium

CVE-2006-0443

Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a…

Medium

CVE-2006-0444

SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page…

2006-01-25
Medium

CVE-2006-0415

Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter.

Medium

CVE-2006-0407

Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (…

Medium

CVE-2006-0409

Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.

2006-01-23
Medium

CVE-2006-0378

Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allows remote attackers to inject arbitrary web script or HTML via the product_id parameter, as originally demonstrated for a custom…

2006-01-22
Medium

CVE-2006-0361

Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment paramete…

Medium

CVE-2006-0364

Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of a…

Medium

CVE-2006-0365

Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.

Medium

CVE-2006-0366

Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag.

Medium

CVE-2006-0373

Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this…

2006-01-21
Medium

CVE-2006-0346

Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handle…

Medium

CVE-2006-0350

Cross-site scripting (XSS) vulnerability in eggblog 2.0 allows remote attackers to inject arbitrary web script or HTML via the message field to topic.php.

Medium

CVE-2006-0330

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).

Medium

CVE-2006-0333

Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php.

Medium

CVE-2006-0334

Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources cl…

2006-01-19
Medium

CVE-2006-0310

Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag.

Medium

CVE-2006-0315

index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks,…

Medium

CVE-2006-0317

Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, whic…

2006-01-18
Medium

CVE-2006-0243

Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the text parameter, which is used by the "Search Site" field. NOTE: the prov…

Medium

CVE-2006-0245

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) c…

Medium

CVE-2006-0246

Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

Medium

CVE-2006-0247

Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command.

Medium

CVE-2006-0251

Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters.

Medium

CVE-2006-0254

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid par…

Medium

CVE-2006-0237

Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance…

Medium

CVE-2006-0239

Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other f…

Medium

CVE-2006-0241

Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field.

Medium

CVE-2006-0242

Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter.

Medium

CVE-2006-0233

Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.

2006-01-16
Medium

CVE-2006-0220

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the…

Medium

CVE-2006-0222

Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.

Medium

CVE-2006-0215

Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: t…

Medium

CVE-2006-0217

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category param…

2006-01-14
Medium

CVE-2006-0210

Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the L…

Medium

CVE-2006-0211

Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress p…

2006-01-13
Medium

CVE-2006-0198

Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an…

Medium

CVE-2006-0204

Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm paramete…

Low

CVE-2006-0208

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP…

Medium

CVE-2006-0193

Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script…

Medium

CVE-2006-0194

Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in th…

2006-01-12
Medium

CVE-2006-0180

Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly oth…

Medium

CVE-2006-0185

Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an I…

2006-01-11
Medium

CVE-2006-0165

Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2…

Medium

CVE-2006-0168

Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page.

Low

CVE-2006-0172

Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitra…

Medium

CVE-2006-0175

Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

2006-01-10
Medium

CVE-2006-0152

Cross-site scripting (XSS) vulnerability in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this in…

Medium

CVE-2006-0155

Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI.

Medium

CVE-2006-0156

Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php.

2006-01-09
Medium

CVE-2006-0149

Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field.

Medium

CVE-2006-0140

Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) ur…

Medium

CVE-2006-0142

Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of…

Medium

CVE-2006-0116

Cross-site scripting vulnerability in search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter.

Medium

CVE-2006-0122

Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.

Medium

CVE-2006-0124

Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" fiel…

Medium

CVE-2006-0134

Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter.

Medium

CVE-2006-0136

Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or…

2006-01-07
Medium

CVE-2006-0112

Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

Medium

CVE-2006-0109

Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

Medium

CVE-2006-0110

Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter.

Medium

CVE-2006-0111

Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter.

2006-01-06
Medium

CVE-2006-0101

Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in…

Medium

CVE-2006-0102

Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt…

Medium

CVE-2006-0341

Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.

2006-01-05
Medium

CVE-2006-0063

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single q…

Medium

CVE-2006-0084

Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header…

Medium

CVE-2006-0086

Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Medium

CVE-2006-0091

Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachme…

Medium

CVE-2006-0093

Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

2006-01-04
Medium

CVE-2006-0078

Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or t…

Medium

CVE-2006-0080

Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not prop…

Medium

CVE-2006-0070

Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function.…

Medium

CVE-2006-0073

Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL,…

2006-01-03
Medium

CVE-2006-0069

Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.

2005-12-31
Medium

CVE-2005-2460

Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when ente…

Medium

CVE-2005-2465

Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable.

Medium

CVE-2005-2467

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release…

Medium

CVE-2005-3619

Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allo…