CVE-2006-6256

CVE-2006-6256 concerns a Cross-site Scripting (XSS) vulnerability in the file manager (admin/bro_main.php) of AlternC 0.9.5 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via a folder name. Affected software is AlternC, up to version 0.9.5 (older). The connec...

CVE-2006-6272

Technical details about CVE-2006-6272 are not provided in the connected documents; the available information only reiterates the XSS description. Monitor for updates.

CVE-2006-6211

BirdBlog 1.4.0 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary script or HTML via: (1) the msg parameter to admin/admincore.php, (2) the month parameter to admin/comments.php or admin/entries.php, and (3) the page parameter...

CVE-2006-6162

Cross-site scripting XSS vulnerability in tiki-editstructures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-6159

Multiple cross-site scripting XSS vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 message or 2 subject parameter...

CVE-2006-6118

Cross-site scripting XSS vulnerability in thumbs.php in mmgallery 1.55 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

CVE-2006-6088

Multiple cross-site scripting XSS vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 n or 2 d parameter in igallery.asp, or 3 an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, i...

CVE-2006-6096

Cross-site scripting XSS vulnerability in activenewssearch.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter...

CVE-2006-6082

Multiple cross-site scripting XSS vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the 1 cat parameter to addlisting.asp or the 2 search parameter to search.asp...

CVE-2006-6075

The CVE-2006-6075 entry describes a cross-site scripting (XSS) vulnerability in BaalAsp forum, specifically in addpost1.asp via the name parameter. The underlying issue is insufficient input handling that allows remote attackers to inject arbitrary script/HTML. CVSS v2 base score is 6.8 (Medium) ...

CVE-2006-6075

Cross-site scripting XSS vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-6037

Multiple cross-site scripting XSS vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 page, 2 pageid, or 3 language parameter...

CVE-2006-6037

The CVE-2006-6037 entry describes multiple XSS vulnerabilities in Dan Jensen Travelsized CMS 0.4.1 and earlier, exploitable via index.php parameters (page, page_id, language). The underlying issue is reflected in the provided description; no exploitation details or exact root cause are given beyo...

CVE-2006-6040

CVE-2006-6040 affects Jelsoft vBulletin 3.6.x, specifically admincp/index.php. The vulnerability is due to cross-site scripting (XSS) via two parameters: prefs in a buildnavprefs action and navprefs in a savenavprefs action, enabling remote attackers to inject arbitrary script/HTML. Public refere...

CVE-2006-6020

CVE-2006-6020 is an XSS vulnerability in announce.php of Blog Torrent Preview 0.92, exploitable via the left parameter to inject script/HTML. The NVD entry lists a CVSS v2 base score of 6.8 (MEDIUM) with network attack vector and no authentication, affecting confidentiality, integrity, and availa...

CVE-2006-5853

Cross-site scripting XSS vulnerability in logon.aspx in Immediacy CMS Immediacy .NET CMS 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie...

CVE-2006-5847

Cross-site scripting XSS vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter...

CVE-2006-5810

Affected software : XOOPS 1.0, module wfdownloads, endpoint /modules/wfdownloads/newlist.php. Vulnerability : Cross-site scripting (XSS) via the parameter newdownloadshowdays . The root cause is manipulation of user-supplied input in the vulnerable script, allowing injection of arbitrary web scri...

CVE-2006-5791

CVE-2006-5791 affects the elog web-based logbook (ELOG 2.6.2 and earlier). The vulnerability arises from cross-site scripting in elogd.c, specifically via the download filename in send_file_direct and the Type/Category fields in New entries, allowing remote attackers to inject arbitrary HTML/scri...

CVE-2006-5775

Technical details about CVE-2006-5775 are not publicly provided in the connected documents. No explicit affected products, versions, or fixes are detailed here. Monitor for updates.