CVE-2006-5127

Multiple cross-site scripting XSS vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via 1 the nr parameter in detail.php, 2 the msg parameter in dbmysql.inc.php, and 3 the pos parameter in index.php...

CVE-2006-5110

Cross-site scripting XSS vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. NOTE: the provenance of this information is unknown; the details are obtained from third party...

CVE-2006-5063

Cross-site scripting XSS vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode...

CVE-2006-4958

Multiple cross-site scripting XSS vulnerabilities in Sun Secure Global Desktop SSGD, aka Tarantella before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving 1 taarchives.cgi, 2 ttaAuthentication.jsp, 3 ttalicense.cgi, 4...

CVE-2006-4960

Cross-site scripting XSS vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query...

CVE-2006-4941

Multiple cross-site scripting XSS vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via 1 the choose parameter in files/index.php and 2 the sub parameter in doc/index.php...

CVE-2006-4874

Multiple cross-site scripting XSS vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the 1 languageAdmin name and 2 languageAdmin back parameters in a modules/blocks.php; the 3 languageRegister title and 4 languageRegister title2 parameters in b...

CVE-2006-4884

Multiple cross-site scripting XSS vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via 1 the suser parameter in support/rightbar.php, 2 the ticketid parameter in support/opentickets.php, and 3 the conspagetitle parameter in index.php. NOTE: th...

CVE-2006-4825

CVE-2006-4825 concerns multiple cross-site scripting (XSS) vulnerabilities in SoftComplex PHP Event Calendar 1.5.1 (and possibly earlier) where remote attackers can inject arbitrary script/HTML via the parameters ti, bi, or cbgi in cl_files/index.php. The connected documents reiterate the same de...

CVE-2006-4794

CVE-2006-4794 describes multiple XSS vulnerabilities in e107 0.7.5 via the PATH_INFO query string in numerous PHP pages (contact.php, download.php, admin.php, etc.). Connected records indicate a broader XSS family affecting e107 0.7.16 and earlier (admin/ and related files such as submitnews.php,...

CVE-2006-4761

Multiple cross-site scripting XSS vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite...

CVE-2006-4668

Cross-site scripting XSS vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the taskid parameter in an edittask command...

CVE-2006-4665

The CVE-2006-4665 issue affects MKPortal M1.1 Rc1, where the index.php script is vulnerable to cross-site scripting via the ind parameter, likely related to PHP_SELF. The underlying mechanism is an XSS in user-controllable input that can inject arbitrary script/HTML. Exploitation details (availab...

CVE-2006-4668

Cross-site scripting XSS vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the taskid parameter in an edittask command...

CVE-2006-4528

Multiple cross-site scripting XSS vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 recherche parameter in recherchemembre.php and the 2 email parameter in test.php...

CVE-2006-4525

Cross-site scripting XSS vulnerability in CubeCart 3.0.12 and earlier, when registerglobals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array...

CVE-2006-4496

Cross-site scripting XSS vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter...

CVE-2006-4479

Cross-site scripting XSS vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter...

CVE-2006-4376

Multiple cross-site scripting XSS vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the 1 profilnr and 2 sprache parameters in the main portion of the portal, the 3 suchstring...

CVE-2006-4358

CVE-2006-4358 describes a cross-site scripting (XSS) vulnerability in the Diesel Pay product, affecting the code path index.php via the read parameter. The vulnerability allows remote attackers to inject arbitrary web script or HTML. According to the NVD entry, the CVSS v2 base score is 4.3 (Medi...