CVE-2005-2055

RealPlayer 8, 10, 10.5 6.0.12.1040-1069, and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers"...

CVE-2004-2094

WebcamXP 1.06.945 is affected by a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary HTML or web script as other users through a URL that contains the script. The description does not provide concrete details on root cause beyond the XSS flaw, nor explicit remediati...

CVE-2004-2094

Cross-site scripting XSS vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script...

CVE-2004-2020

Multiple cross-site scripting XSS vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the 1 optionbox parameter in the News module, 2 date parameter in the Statistics module, 3 year, month, and month1 parameters in the StoriesArchive...

CVE-2004-1979

Cross-site scripting XSS vulnerability in dosearch.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the searchstring parameter...

CVE-2004-2017

Multiple cross-site scripting XSS vulnerabilities in Turbo Traffic Trader C TTT-C 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via 1 the link parameter to ttt-out, 2 the X-Forwarded-For header in a GET request to ttt-in, 3 the Referer header in a GET request ...

CVE-2005-0336

Cross-site scripting XSS vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML...

CVE-2005-0412

Cross-site scripting XSS vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter...

phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities

The installed version of phpBB on the remote host includes a photo album module that has multiple vulnerabilities: - A SQL Injection Vulnerability An attacker can pass arbitrary SQL code through the 'mode' parameter of the 'albumsearch.php' script to manipulate database queries. - Various...

CVE-2005-0487

Cross-site scripting XSS vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter...

ACS Blog 0.8/0.9/1.0/1.1 - &#039;Name&#039; HTML Injection

source: https://www.securityfocus.com/bid/12921/info ACS Blog is affected by an HTML injection vulnerability. The issue affects the 'Name' field and may be exploited to execute arbitrary HTML and script code in the browser of the user when the user views an affected Web page. Name:...

CVE-2005-0509

Multiple cross-site scripting XSS vulnerabilities in the Mono 1.0.5 implementation of ASP.NET .Net allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including "" and ""...

CVE-2005-0606

Cross-site scripting XSS vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the 1 catid, 2 PHPSESSID, 3 viewdoc, 4 product, 5 session, 6 catname, 7 search, or 8 page parameters...

CVE-2005-0509

Multiple cross-site scripting XSS vulnerabilities in the Mono 1.0.5 implementation of ASP.NET .Net allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including "" and ""...

CVE-2005-0462

MercuryBoard is affected (versions 1.0.x and 1.1.x) by a cross-site scripting (XSS) vulnerability that allows remote injection of HTML/script via the f parameter. The OpenVAS entry also notes multiple vulnerabilities including XSS, SQL injection, and path disclosure in MercuryBoard. The CVE-2005-...

CVE-2005-0434

Multiple cross-site scripting XSS vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via 1 the newdownloadshowdays parameter in a NewDownloads operation or 2 the newlinkshowdays parameter in a NewLinks operation...

CVE-2004-1318

Cross-site scripting XSS vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab "%09" character, which prevents the rest of the query from being properly sanitized...

CVE-2004-1318

Cross-site scripting XSS vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab "%09" character, which prevents the rest of the query from being properly sanitized...

CVE-2004-1061

Cross-site scripting XSS vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter...

CVE-2004-2568

Multiple cross-site scripting XSS vulnerabilities in ReciPants 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 user id, 2 recipe id, 3 category id, and 4 other ID number fields...