CVE-2004-1845

Multiple cross-site scripting XSS vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to commentadd.asp, 2 search parameter to search.asp, or 3 n parameter to categorynewsheadline.asp...

CVE-2004-2670

Multiple cross-site scripting XSS vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via 1 the mod parameter in a viewcat operation or 2 the query parameter in a search operation in the publisher module...

CVE-2004-2211

Cross-site scripting XSS vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the 1 forumid, 2 method, or 3 forumtitle parameters to post.asp, 4 the forumtitle parameter to forum.asp, or 5 the id parameter to post.asp...

CVE-2004-2188

Cross-site scripting XSS vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2004-2528

Cross-site scripting XSS vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter...

CVE-2004-1499

Cross-site scripting XSS vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field...

CVE-2004-1529

Cross-site scripting XSS vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the 1 type, 2 day, 3 month, or 4 year parameters in a Preview operation, or 5 event comments...

CVE-2004-2508

Cross-site scripting XSS vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the nextfile parameter...

CVE-2004-2351

Cross-site scripting XSS vulnerability in GBook for Php-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via multiple parameters, including 1 name, 2 email, 3 city, and 4 message, which do not use the and tags, which are filtered by PHP-Nuke...

CVE-2004-2334

Multiple cross-site scripting XSS vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via 1 a hex-encoded value to the variable parameter in emumail.fcgi, 2 the folder parameter in emumail.fcgi, or Javascript in the 3 username or 4 password field in...

CVE-2004-2475

Cross-site scripting XSS vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it i...

CVE-2004-1197

Cross-site scripting XSS vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter...

CVE-2004-1594

Cross-site scripting XSS vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag...

CVE-2004-1692

Cross-site scripting XSS vulnerability in index.php in Mambo 4.5 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the 1 Itemid, 2 mosmsg, or 3 limit parameters...

CVE-2004-0673

Cross-site scripting XSS vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message...

CVE-2004-0675

Cross-site scripting XSS vulnerability in 1 cart32.exe or 2 c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command...

CVE-2004-1965

Multiple cross-site scripting XSS vulnerabilities in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 redirect parameter to member.php, 2 to parameter to myhome.php 3 TID parameter to post.php, or 4 redirect parameter to index.p...

CVE-2004-1875

Multiple cross-site scripting XSS vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to testfile.html, 2 file parameter to erredit.html, 3 dns parameter to dnslook.html, 4 account parameter to ignorelist.html, 5 account...

CVE-2004-1871

Multiple cross-site scripting XSS vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 ppuser, 2 password, 3 stype, 4 perpage, 5 sort, 6 page, 7 si, or 8 cat parameters to showmembers.php, or the 9 photo name, 10 photo...

CVE-2004-0271

Multiple cross-site scripting vulnerabilities XSS in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via 1 the subname parameter of dlshowall.asp, 2 the SendTo parameter in Personal Messages, 3 the HTTPREFERER for down.asp, or 4 the image name of an Avatar in th...