CVE-2006-1824
CVE-2006-1824 affects PhpGuestbook 1.0 and is described as multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php, exploitable via the Name, Website, and Comment parameters to inject arbitrary web script or HTML. The connected documents provide the vulnerability description and r...
PhpGuestbook <= 1.0 XSS
PhpGuestbook = 1.0 XSS Post Comment:- Name: 'scriptalertdocument.cookie/script Website: Comment: 'scriptalertdocument.cookie/script Found By: Qex...
CVE-2005-4785
Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment...
CVE-2006-1752
Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment...
Cross site scripting
Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter)...
CVE-2006-1434
Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter)...
CVE-2006-1554
Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment...
CVE-2006-1143
Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the commentbody parameter, as used by the comment field, when posting a comment...
Cross site scripting
Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the commentbody parameter, as used by the comment field, when posting a comment...
CVE-2006-1127
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (XFORWARDEDFOR) HTTP header, which is not properly handled when adding a comment to an album...
sBlog_0.72_xss.txt
sBlog 0.7.2 == Multiple Cross-Site Scripting Vulnerability =================================== Information of Software: Software: sBlog 0.7.2 Site: http://servous.se/ Description: sBlog is a simple and new PHP Blog. Is very very simple and it's use by newbie of PHP...
CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
DEBIAN-CVE-2006-0985
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters...
CVE-2006-0985
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters...
guestbook06.txt
author.: l0om - www.excluded.org product: guestbox latest non-BETA 0.6 page: http://spring.realone.ch dork: "Login - Guestbox 0.6" inurl:guestbox.php someone asked me to check the guestbook named "guestbox" and that's the advisory based on my checks. 1.0 everyone can set admin comments to all...
Design/Logic Flaw
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...