2970 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter...
CVE-2006-1429
The vulnerability CVE-2006-1429 is a Cross-site Scripting (XSS) issue in classifiedZONE 1.2 and earlier. It affects the file accountlogon.cfm where an attacker can inject arbitrary web script or HTML through the rtn parameter. Public references confirm the XSS impact but do not provide remediati...
Cross site scripting
Cross-site scripting (XSS) vulnerability in apwcwinmain.jsp in the web console in IBM Tivoli Business Systems Manager (TBSM) before 3.1.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter...
CVE-2006-1233
Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php...
CVE-2006-1205
CVE-2006-1205 affects myWebland myBloggie 2.1.3 beta and earlier, with multiple reflected XSS flaws in PHP scripts (delcomment.php, upload.php, addcat.php, edituser.php, adduser.php, editcat.php, add.php, deluser.php, delcat.php, del.php) reachable via admin.php. Parameters include confirmredirec...
CVE-2006-1087
Direct static code injection vulnerability in the modifyconfig action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the optionnewcompatibilitymode parameter, which is not filtered before being stored in config.php. NOTE...
CVE-2006-1071
The CVE-2006-1071 entry concerns DVguestbook 1.2.2. An XSS flaw exists in index.php through the page parameter, allowing remote attackers to inject arbitrary web script or HTML. The NVD entry assigns a base CVSS v2 score of 4.3 (MEDIUM) with Network attack vector, Medium attack complexity, no pri...
CVE-2006-1040
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php...
PEHEPE Membership Management System 3.0 - Remote PHP Script Code Injection
source: https://www.securityfocus.com/bid/16887/info PEHEPE Membership Management System is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to facilitate a compromise of the application and the underlying system; other attacks are also possible. PEHEPE...
CVE-2006-0188
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the rightframe parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS...
CVE-2006-0735
CVE-2006-0735 describes a cross-site scripting (XSS) vulnerability in BBcode.pm within M. Blom HTML::BBCode 1.04 and earlier. The flaw allows remote attackers to inject arbitrary JavaScript via a javascript: URI in (1) the img tag or (2) the url tag of BBCode, when used in products such as My Blo...
CVE-2006-0676
Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter...
CVE-2006-0663
CVE-2006-0663 affects Lotus Domino iNotes Client 6.5.4 and 7.0. The issue consists of multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via: (1) an email subject, (2) an encoded javascript URI (e.g., java script:), and (3) when ...
CVE-2006-0573
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter ...
CVE-2006-0521
Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter...
123 Flash Chat 5.0 - Remote Code Injection
source: https://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attackers to take complete control of the...
CVE-2006-0207
CVE-2006-0207 is a PHP HTTP response splitting vulnerability affecting PHP 5.1.1, enabling remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to session extension (ext/session) and the header function. Connected documents (including F5 K13519 and Nessus/Ope...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter...