Cross-site Scripting (XSS) - 47635 CVEs (Page 392/397)

2005-03-30

Medium

CVE-2005-0477

Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post con…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2005-0480

Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not p…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0485

Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter.

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2005-0487

Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter.

CVSS: 6.8 CWE: N/A View on NVD

2005-03-29

Medium

CVE-2005-0919

Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0924

Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword.

CVSS: 4.3 CWE: N/A View on NVD

2005-03-28

Medium

CVE-2005-0908

Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to index.php or (2) the se…

CVSS: 4.3 CWE: N/A View on NVD

2005-03-26

Medium

CVE-2005-0898

Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0914

Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat pa…

CVSS: 4.3 CWE: N/A View on NVD

2005-03-24

Medium

CVE-2005-0889

Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter.

CVSS: 4.3 CWE: N/A View on NVD

2005-03-23

Medium

CVE-2005-0878

Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message).

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0881

Cross-site scripting (XSS) vulnerability in articles.newcomment for Interspire ArticleLive 2005 allows remote attackers to inject arbitrary web script or HTML via the Articleld parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0883

Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (…

CVSS: 4.3 CWE: N/A View on NVD

2005-03-14

Medium

CVE-2005-0509

Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for AS…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0791

Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parame…

CVSS: 4.3 CWE: N/A View on NVD

2005-03-08

Medium

CVE-2005-0723

Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters,…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0741

Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.

CVSS: 4.3 CWE: N/A View on NVD

2005-03-07

Medium

CVE-2005-0548

Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.

CVSS: 4.3 CWE: N/A View on NVD

2005-03-06

Medium

CVE-2005-0692

Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encode…

CVSS: 4.3 CWE: N/A View on NVD

2005-03-03

Medium

CVE-2005-0674

Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.

CVSS: 4.3 CWE: N/A View on NVD

2005-03-02

Medium

CVE-2005-0641

Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) n…

CVSS: 4.3 CWE: N/A View on NVD

2005-03-01

Medium

CVE-2004-1036

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote atta…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1055

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zer…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2005-0628

Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) sub…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0629

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.

CVSS: 4.3 CWE: N/A View on NVD

2005-02-28

Medium

CVE-2005-0616

Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2)…

CVSS: 4.3 CWE: N/A View on NVD

2005-02-24

Medium

CVE-2005-0543

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in s…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2005-02-22

Medium

CVE-2005-0514

Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters.

CVSS: 4.3 CWE: N/A View on NVD

2005-02-19

Medium

CVE-2005-0495

Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to…

CVSS: 4.3 CWE: N/A View on NVD

2005-02-17

Medium

CVE-2005-0462

Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter.

CVSS: 4.3 CWE: N/A View on NVD

2005-02-16

Medium

CVE-2005-0452

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII…

CVSS: 4.3 CWE: N/A View on NVD

2005-02-15

Medium

CVE-2005-0434

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation…

CVSS: 4.3 CWE: N/A View on NVD

2005-01-29

Medium

CVE-2005-0104

Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.

CVSS: 4.3 CWE: N/A View on NVD

2005-01-28

Medium

CVE-2005-0317

Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0319

Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote atta…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0320

Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to lo…

CVSS: 5.0 CWE: N/A View on NVD

2005-01-27

Medium

CVE-2005-0314

Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.

CVSS: 4.3 CWE: N/A View on NVD

2005-01-25

Medium

CVE-2005-0307

Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6)…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0309

Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter.

CVSS: 4.3 CWE: N/A View on NVD

2005-01-17

Medium

CVE-2005-0221

Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2005-0291

Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a bl…

CVSS: 4.3 CWE: N/A View on NVD

2005-01-13

Medium

CVE-2005-0381

Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 allows remote attackers to inject arbitrary web script or HTML via the members parameter.

CVSS: 4.3 CWE: N/A View on NVD

2005-01-10

Medium

CVE-2004-1075

Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1100

Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTM…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1101

mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error messag…

CVSS: 5.8 CWE: N/A View on NVD

Medium

CVE-2004-1106

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include paramet…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1130

Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) nam…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1133

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1177

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the re…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1196

Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1197

Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1202

Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the fi…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1210

Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variabl…

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-1213

Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parame…

CVSS: 6.8 CWE: N/A View on NVD

High

CVE-2004-1229

Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2…

CVSS: 7.5 CWE: N/A View on NVD

2005-01-06

Medium

CVE-2004-1318

Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") charact…

CVSS: 4.3 CWE: N/A View on NVD

2005-01-04

Medium

CVE-2004-1061

Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demons…

CVSS: 4.3 CWE: N/A View on NVD

2005-01-03

Medium

CVE-2005-0274

Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4)…

CVSS: 4.3 CWE: N/A View on NVD

2005-01-01

Medium

CVE-2005-0266

Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module…

CVSS: 4.3 CWE: N/A View on NVD

2004-12-31

Medium

CVE-2004-2320

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

Medium

CVE-2004-2325

Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1146

Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1384

Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1397

Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1409

Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.

CVSS: 5.0 CWE: N/A View on NVD

Medium

CVE-2004-1410

Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1412

Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1417

Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2004-1418

Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1420

Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1424

Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Critical

CVE-2004-1441

Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVSS: 9.3 CWE: N/A View on NVD

Medium

CVE-2004-1442

Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1443

Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arb…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1467

Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calenda…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1477

Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1499

Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1506

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5)…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1512

Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted i…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1529

Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year param…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1537

Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1544

Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1551

Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1559

Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1563

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1566

Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1578

Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1589

Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID paramet…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1593

Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1730

Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1738

Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1746

Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1747

Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1779

Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1789

Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1790

Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1794

Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1797

Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1807

Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1809

Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays pa…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1823

Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showt…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1824

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1837

Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey field…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1844

Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1845

Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search p…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1863

Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader pa…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2004-1867

Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name field.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1879

Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1882

Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1911

Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1913

Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-1960

Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-2015

Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-2017

Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-2020

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2)…

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-2059

Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parame…

CVSS: 5.0 CWE: N/A View on NVD

Medium

CVE-2004-2063

Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-2072

Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.

CVSS: 6.8 CWE: N/A View on NVD

Medium

CVE-2004-2076

Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

CVSS: 4.3 CWE: N/A View on NVD

Medium

CVE-2004-2094

Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script.

CVSS: 4.3 CWE: N/A View on NVD

About “Cross-site Scripting (XSS)”

CVE-2005-0477

CVE-2005-0480

CVE-2005-0485

CVE-2005-0487

CVE-2005-0919

CVE-2005-0924

CVE-2005-0908

CVE-2005-0898

CVE-2005-0914

CVE-2005-0889

CVE-2005-0878

CVE-2005-0881

CVE-2005-0883

CVE-2005-0509

CVE-2005-0791

CVE-2005-0723

CVE-2005-0741

CVE-2005-0548

CVE-2005-0692

CVE-2005-0674

CVE-2005-0641

CVE-2004-1036

CVE-2004-1055

CVE-2005-0628

CVE-2005-0629

CVE-2005-0616

CVE-2005-0543

CVE-2005-0514

CVE-2005-0495

CVE-2005-0462

CVE-2005-0452

CVE-2005-0434

CVE-2005-0104

CVE-2005-0317

CVE-2005-0319

CVE-2005-0320

CVE-2005-0314

CVE-2005-0307

CVE-2005-0309

CVE-2005-0221

CVE-2005-0291

CVE-2005-0381

CVE-2004-1075

CVE-2004-1100

CVE-2004-1101

CVE-2004-1106

CVE-2004-1130

CVE-2004-1133

CVE-2004-1177

CVE-2004-1196

CVE-2004-1197

CVE-2004-1202

CVE-2004-1210

CVE-2004-1213

CVE-2004-1229

CVE-2004-1318

CVE-2004-1061

CVE-2005-0274

CVE-2005-0266

CVE-2004-2320

CVE-2004-2325

CVE-2004-1146

CVE-2004-1384

CVE-2004-1397

CVE-2004-1409

CVE-2004-1410

CVE-2004-1412

CVE-2004-1417

CVE-2004-1418

CVE-2004-1420

CVE-2004-1424

CVE-2004-1441

CVE-2004-1442

CVE-2004-1443

CVE-2004-1467

CVE-2004-1477

CVE-2004-1499

CVE-2004-1506

CVE-2004-1512