3838 matches found
CVE-2006-0322
Unspecified vulnerability in the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links."...
CVE-2005-4649
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gbid parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-154...
CVE-2006-0198
CVE-2006-0198 describes a Cross-site scripting (XSS) vulnerability in a XOOPS module (possibly poll or Pool) where remote attackers can inject arbitrary web script or HTML via the SRC attribute of an IMG element in a comment. The issue is documented with a MEDIUM base score (4.3) and partial inte...
CVE-2005-4785
Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section...
CVE-2005-4725
Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID...
CVE-2005-4799
Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the imgsize field in view.php. NOTE: due to...
DEBIAN-CVE-2005-4463
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path ...
CVE-2005-4460
Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to (a) links.php and (b) linksadd.php...
CVE-2005-3494
Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment...
CVE-2005-3494
CVE-2005-3494 describes a cross-site scripting (XSS) flaw in Ar-blog versions 5.2 and earlier. The vulnerability allows a remote attacker to inject arbitrary web script or HTML through a blog comment, potentially compromising user sessions or displaying malicious content. The connected documents ...
CVE-2005-3308
Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php...
CVE-2005-3059
Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) "handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding."...
CVE-2005-3059
CVE-2005-3059 affects Opera 8.50 on Linux and Windows. The vulnerabilities are described as multiple unspecified issues tied to (1) handling of the must-revalidate cache directive for HTTPS pages and (2) a cookie comment encoding display issue. The connected documents do not provide concrete expl...
CVE-2005-2816
Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file...
CVE-2005-2787
commentdeletecgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter...
Drupal Public Comment PHP Code Injection
Binary data 3053.prm...
DEBIAN-CVE-2005-2107
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter...
CVE-2005-2106
Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting...