CVE-2009-3060

Multiple cross-site scripting XSS vulnerabilities in Joker Board aka JBoard 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the notice parameter to editform.php, 2 the editusermessage parameter to core/editusermessage.php, or 3 the usertitle parameter to...

CVE-2008-6890

SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the messageid parameter...

CVE-2008-6359

Cross-site scripting XSS vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 email, and 3 message parameters...

CVE-2008-3511

Multiple cross-site scripting XSS vulnerabilities in Softbiz Image Gallery Photo Gallery allow remote attackers to inject arbitrary web script or HTML via the 1 latest parameter to a index.php, b images.php, c suggestimage.php, and d imagedesc.php; and the 2 msg parameter to index.php, images.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter to inscription.php, 2 courseCode parameter to main/calendar/myagenda.php, 3 category parameter to main/admin/coursecategory.php, 4 message...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in MercuryBoard 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter aka the message text area, which leads to an injection in the messenger during private message PM preview. NOTE: some of these details...

CVE-2008-0258

Cross-site scripting XSS vulnerability in index.php in PHP Running Management phpRunMan before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in shout.php aka the shoutbox in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 username nickname or 2 message parameter. NOTE: some of these details are obtained from third party information...

CVE-2007-6486

Multiple cross-site scripting XSS vulnerabilities in shout.php aka the shoutbox in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 username nickname or 2 message parameter. NOTE: some of these details are obtained from third party information...

CVE-2007-6486

Multiple cross-site scripting XSS vulnerabilities in shout.php aka the shoutbox in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 username nickname or 2 message parameter. NOTE: some of these details are obtained from third party information...

Format string

Format string vulnerability in the mdiaginitialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 aka Ruby/Gnome2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter...

Design/Logic Flaw

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service application crash via a long string in 1 the domain parameter to the dgettext function, the message parameter to the 2 dcgettext or 3 gettext function, the msgid1 parameter to the 4 dngettext or 5 ngettext...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via 1 the searchtext parameter to a /search, or the 2 message parameter to b /calendar or c /subscribe...

CVE-2006-6159

Multiple cross-site scripting XSS vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 message or 2 subject parameter...

CVE-2006-3260

Cross-site scripting XSS vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

CVE-2006-3260

Cross-site scripting XSS vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information,...

CVE-2006-2365

Cross-site scripting XSS vulnerability in alogin.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter...

CVE-2006-2146

Multiple cross-site scripting XSS vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the 1 postername, 2 posteremail, 3 posterhomepage, or 4 message parameter...

CVE-2006-1977

Cross-site scripting XSS vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 name and 2 message parameters...