CVE-2006-2124

Multiple cross-site scripting XSS vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 prevaction, 2 previd, 3 prevstart, 4 itemid, 5 id, and 6 action parameters in index.php...

CVE-2006-2048

Multiple cross-site scripting XSS vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 port, 2 server, and 3 user parameters. NOTE: it is possible that the affected version is actually 3.2...

CVE-2006-1479

Multiple cross-site scripting XSS vulnerabilities in Serge Rey gtd-php aka Getting Things Done 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in 1 newProject.php, 2 newList.php, and 3 newWaitingOn.php; the Title field in 4 newProject.php, 5 newList.php...

Cross site scripting

Cross-site scripting XSS vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter...

CVE-2006-1427

Multiple cross-site scripting XSS vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 action, 2 id, 3 num, 4 board, 5 cat, 6 real, 7 viewcat, 8 img, or 9 curcatname parameter in cgi-bin/index.cgi, or 10 vsSD parameter in...

CVE-2006-1222

Multiple cross-site scripting XSS vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the 1 memo box title, 2 user email, and 3 homepage fields...

WordPress < 2.0.1 Arbitrary Script Injection

Binary data 3435.prm...

httprint 202.0 - HTTP Response Server Field Arbitrary Script Injection

source: https://www.securityfocus.com/bid/16031/info httprint is prone to multiple remote vulnerabilities. The first issue may allow remote attackers to execute arbitrary HTML and script code in a user's browser. The second issue may allow remote attackers to crash an instance of the application...

CVE-2005-4415

Cross-site scripting XSS vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter...

CVE-2005-4379

Multiple cross-site scripting XSS vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the 1 sortmode parameter to a fisheye/listgalleries.php, b messages/messagebox.php, and c users/my.php; the 2 postid parameter to d blogs/viewpost.ph...

CVE-2005-4284

Cross-site scripting XSS vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since...

CVE-2005-4061

Cross-site scripting XSS vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the search parameters...

PT-2005-4395 · Ekinboard · Ekinboard

Name of the Vulnerable Software and Affected Versions: Ekinboard version 1.0.3 Description: The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting XSS attacks. This is possible via the id parameter in the "profile.php" endpoint and the...

CVE-2005-2336

Cross-site scripting XSS vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...

CVE-2002-2086

Multiple cross-site scripting XSS vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via 1 "script" in unspecified input fields or 2 a javascript: URL in the src attribute of an IMG tag...

CVE-2005-1027

Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter in the YourAccount module, 2 avatarcategory parameter in the YourAccount module, or 3 lid parameter in the Downloads module...

CuteNews <= 1.3.6 Multiple XSS

According to its version number, the remote host is running a version of CuteNews that allows an attacker to inject arbitrary script through the variables 'X-FORWARDED-FOR' or 'CLIENT-IP' when adding a comment. On one hand, an attacker can inject a client-side script to be executed by an...

CVE-2005-0526

Multiple cross-site scripting XSS vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via 1 the search string to search.php, 2 the subject of a PM, which is processed by pm.php, or 3 the body of a PM, which is processed by pmpshow.php...

FlatNuke < 2.5.2 Form Submission Arbitrary Script Injection

Binary data 2483.prm...

CVE-2004-2509

Cross-site scripting XSS vulnerabilities in 1 calendar.php, 2 login.php, and 3 online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter...