6657 matches found
CVE-2006-5761
CVE-2006-5761 describes a cross-site scripting (XSS) vulnerability in Rhadrix If-CMS, specifically in index.php where the rns parameter can be exploited to inject arbitrary web script or HTML. Affected software: Rhadrix If-CMS versions 1.01 through 2.07. Root cause is improper handling of the rns...
CVE-2006-5741
Multiple cross-site scripting XSS vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via 1 the 404 error page of the Smart Sensor Edge Sensor; 2 the user name for a failed logon, when displayed in the audit journals reviewin...
CVE-2006-5743
Multiple cross-site scripting XSS vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via 1 an Access Point with a crafted SSID, 2 the name of the sensor WIDS, 3 the name of the Highwall EndPoi...
CVE-2006-5713
CVE-2006-5713 describes an XSS vulnerability in Easy File Sharing (EFS) Web Server 4.0. The issue allows remote attackers to inject arbitrary web script or HTML through the forum-thread posting parameters: author, content, or title. The metadata indicates cross-site scripting with no confidential...
CVE-2006-5713
Cross-site scripting XSS vulnerability in Easy File Sharing EFS Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the 1 author, 2 content, or 3 title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtain...
CVE-2006-5643
Cross-site scripting XSS vulnerability in searchde.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter...
CVE-2006-5632
Cross-site scripting XSS vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...
CVE-2006-5626
Cross-site scripting XSS vulnerability in cmsimages/js/htmlarea/htmlarea.php in phpFaber Content Management System CMS before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon...
CVE-2006-5626
CVE-2006-5626 affects phpFaber CMS prior to 1.3.36, specifically the file cms_images/js/htmlarea/htmlarea.php. The underlying issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML, likely via arbitrary parameters in the query strin...
CVE-2006-5605
Multiple cross-site scripting XSS vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters...
CVE-2006-5530
Multiple cross-site scripting XSS vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 admin/index.php, 2 admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown;...
CVE-2006-5515
CVE-2006-5515 is a stored XSS vulnerability in the lib-history.inc.php component of phpAdsNew and phpPgAds up to version 2.0.8-pr1 . The issue allows remote attackers to inject arbitrary web script via vectors related to data stored by a delivery script and displayed in the admin interface. Affec...
CVE-2006-5504
CVE-2006-5504 affects Simple Machines Forum (SMF). The vulnerability is a Cross-site Scripting (XSS) in index.php where an attacker can inject arbitrary web script or HTML by supplying a base64-encoded value in the action parameter. Impact is described as partial integrity impact on the target. T...
CVE-2006-5496
Multiple cross-site scripting XSS vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 index.php, 2 addknowledge.php, and 3 addscreenshot.php...
CVE-2006-5457
Casinosoft Casino Script (Masvet) 3.2 contains multiple XSS vulnerabilities in its registration form, exploitable via the name or surname fields to inject arbitrary script/HTML. Remote exploitation is described; impact is limited to partial integrity and client-side exposure per the CVSS metrics ...
CVE-2006-5416
Cross-site scripting XSS vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter...
CVE-2006-5321
Multiple cross-site scripting XSS vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2006-5169
Cross-site scripting XSS vulnerability in John Himmelman aka DaRk2k1 PowerPortal 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to registering a user. NOTE: the provenance of this information is unknown; the details are obtained from...
CVE-2006-5164
Multiple cross-site scripting XSS vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 sortBy or 2 search parameters...
CVE-2006-5120
Multiple cross-site scripting XSS vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 index.php and 2 processlogin.php...