2970 matches found
phpBB < 2.0.19 Multiple XSS
According to its version number, the remote version of this software is vulnerable to JavaScript injection issues using 'url' bbcode tags and, if HTML tags are enabled, HTML more generally. This may allow an attacker to inject hostile JavaScript into the forum system to steal cookie credentials o...
PYSEC-2005-1
Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...
CVE-2005-4449
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, th...
CVE-2005-4449
The CVE-2005-4449 entry concerns verify.php in FlatNuke 2.5.6, where remote authenticated administrators can modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting code via the body parameter. This describes a privilege-elevation-like issue within an authenti...
CVE-2005-4426
CVE-2005-4426 involves YaBB before 2.1 where an interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF extension, causing the HTML to execute in Internet Explorer (as described for CVE-2005-3312). The issue is tied to YaBB’s ...
CVE-2005-4364
Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter...
CVE-2005-4204
Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS...
CVE-2005-4072
Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in searchforums.cfm, as used in the "Search For:" field...
CVE-2005-3977
CVE-2005-3977 describes a cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553. The issue is triggered via the REQ parameter to the search module, allowing remote attackers to inject web script or HTML. The core detail across sources confirms the vulnerable component is the se...
CVE-2005-3866
CVE-2005-3866 involves a cross-site scripting (XSS) vulnerability in the SearchFeed Search Engine 1.3.2 and earlier. The flaw, likely exploitable via the REQ parameter used during a search, could allow remote attackers to inject arbitrary HTML and web script. The connected documents confirm the ...
KLA10399 Multiple vulnerabilities in Winmail
Multiple serious vulnerabilities have been found in Winmail Server. Malicious users can exploit these vulnerabilities to inject scripts or overwrite local files. Below is a complete list of vulnerabilities: 1. A directory traversal can be exploited remotely via a side parameter; 2. An XSS...
CVE-2005-3412
Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an tag...
CVE-2005-3202
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB HTMLDB 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) pt02 parameters...
CVE-2005-2557
Cross-site scripting (XSS) vulnerability in viewallset.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug0005959, and a different vulnerability than CVE-2005-3090...
CVE-2005-2886
CVE-2005-2886 affects MAXdev MD-Pro 1.0.73 (and possibly earlier) with multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) the print parameter to the print module, (2) the sitename parameter to the bb_smilies module, (3) the sitename par...
CVE-2005-2869
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php...
CVE-2005-2820
CVE-2005-2820 is an XSS vulnerability in SqWebMail courier (Conditional Comments in Internet Explorer). The root cause is missing input sanitising in the courier/sqwebmail handling of HTML in emails, allowing remote attackers to inject script via crafted messages. Affected: SqWebMail courier depl...
CVE-2005-2336
Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...
CVE-2005-2803
Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336...
Simple Machines Forum < 1.0.7 Code Injection