3218 matches found
CVE-2006-3014
CVE-2006-3014 affects Microsoft Excel where embedding a Shockwave Flash Player ActiveX Object inside an XLS can automatically execute, enabling user-assisted arbitrary JavaScript execution and redirection when the spreadsheet is opened. According to SUSE and CPAI advisories, the issue originates ...
CVE-2006-3014
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet...
CVE-2006-2611
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character...
Cross site scripting
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character...
CVE-2006-2611
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character...
CVE-2006-2611
MediaWiki 1.6.x is affected in includes/Sanitizer.php (variable handler) by CVE-2006-2611. The vulnerability allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the | character, and is exploitable before revision r14349. The NVD notes a Medium risk w...
Cross site scripting
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval, and using...
XSS vulnerability in Dada Mail
According to its banner, the remote version of Dada Mail does not properly validate user written content before submitting that data to the archiving system. SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...
Jupiter CMS <= 1.1.5 multiple XSS attack vectors.
Jupiter CMS <= 1.1.5 multiple XSS attack vectors. Discovered by: Nomenumbra/0x4F4C Date: 3/11/2006 impact:high privilege escalation,site defacement Jupiter CMS http://www.highstrike.net/ is a dynamic CMS system like mambo or limbo, allowing users to subscribe and posts events. Because no filtering...
Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Jupiter CMS , to redirect the user to a page of your choice, to avoid suspicion and disclosure of your cookiestealer's location. These injections would allow an attacker to redirect users to a page of his choice, effectively defacing the page:...
Jupiter CMS <= 1.1.5 Multiple XSS Attack Vectors
No description provided by source. Jupiter CMS <= 1.1.5 multiple XSS attack vectors. Discovered by: Nomenumbra/0x4F4C Date: 3/11/2006 impact:high privilege escalation,site defacement Jupiter CMS http://www.highstrike.net/ is a dynamic CMS system like mambo or limbo, allowing users to subscribe and...
CVE-2006-0389
CVE-2006-0389 describes a cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) on Mac OS X 10.4 through 10.4.5. The flaw allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds, in the context of the affected user’s browser. Affected pro...
CVE-2006-0735
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag...
CVE-2006-0296
CVE-2006-0296 affects Mozilla Suite components including Mozilla/Firefox up to 1.5.0.1 and SeaMonkey up to 1.0. The vulnerability arises in the XULDocument.persist function where the attribute name is not validated, enabling remote attackers to inject RDF data into the user’s localstore.rdf and e...
CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
CVE-2006-0310
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag...
Ubuntu 4.10 / 5.04 : courier vulnerabilities (USN-201-1)
Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him. Please note that the...
CVE-2006-0165
Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 gamma allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form...
Cross site scripting
Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI...