CVE-2006-4576

The vulnerability CVE-2006-4576 is an XSS in The Address Book 1.04e where remote attackers can inject arbitrary web script by uploading an HTML file with a GIF/JPG extension, which is then rendered by Internet Explorer. The provided connected documents confirm the affected product/version and the...

CVE-2006-6832

Cross-site scripting XSS vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title...

CVE-2006-6862

Multiple cross-site scripting XSS vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 login/login.asp or 2 login/register.asp...

CVE-2006-6815

Multiple cross-site scripting XSS vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to 1 setpreferences.asp, 2 sendpasswordpreferences.asp, and 3 SecureLoginManager/list.asp in the...

CVE-2006-6824

Multiple cross-site scripting XSS vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 getdate parameter in a day.php, b month.php, c year.php, d week.php, e search.php, f rss/index.php, g print.php, a...

CVE-2006-6768

Multiple cross-site scripting XSS vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the 1 cat or 2 main parameter...

CVE-2006-6695

Multiple cross-site scripting XSS vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 error or 2 success parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party...

CVE-2006-6640

Multiple cross-site scripting XSS vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the 1 ss parameter in a search.asp and the 2 company and 3 username fields on b the web login page. NOTE: some details were obtained from third party...

CVE-2006-6625

Cross-site scripting XSS vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-6518

Multiple cross-site scripting XSS vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 pseudo, 2 email, 3 date, 4 sujet, 5 message, 6 site, and 7 lien parameters to a admin/change.php, and the 8 aa parameter to b lire-avis.php...

CVE-2006-6534

Multiple cross-site scripting XSS vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the 1 set parameter to admin/modules.php, the 2 selectedbox parameter to definitiva/admin/customers.php, the 3 lID parameter to admin/languagesdefinitions.php, o...

CVE-2006-6479

Multiple cross-site scripting XSS vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in 1 erreurinscription.php, 2 Templates/admin.dwt.php, 3 Templates/commun.dwt.php, 4 membre.dwt.php, and 5 admin/adminconfig/Aide.php...

CVE-2006-6466

Multiple cross-site scripting XSS vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 key, 2 d, 3 l, or 4 v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third par...

CVE-2006-6451

Multiple cross-site scripting XSS vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 getpassword.php or 2 loginup.php3...

CVE-2006-6451

SWsoft Plesk 8.0.1 and earlier are affected by multiple XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to get_password.php or login_up.php3. The issue is documented across CVE-2006-6451, with CVSSv2 base metrics indicating a mediu...

CVE-2006-6451

Multiple cross-site scripting XSS vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 getpassword.php or 2 loginup.php3...

CVE-2006-6393

CVE-2006-6393 is an XSS vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier. The issue arises from InputFilter::getString, allowing remote attackers to inject arbitrary script/HTML via unspecified vectors. Documented impact is client-side data/script integrity and potential user interact...

CVE-2006-6389

Multiple cross-site scripting XSS vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the 1 Taaa parameter to a up.php, or the 2 pollhtml and 3 Bloks parameters to b polls.php, different vectors than CVE-2006-5770...

CVE-2006-6142

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...

CVE-2006-6142

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...