6657 matches found
CVE-2006-4325
The CVE refers to Doika guestbook (version 2.5, possibly earlier) with a reflected XSS in gbook.php via the page parameter. This allows remote attackers to inject arbitrary scripts/HTML. No patch/remediation details are provided in the supplied documents; exploitation status and exact fixes are n...
CVE-2006-4293
Multiple cross-site scripting XSS vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the 1 dir parameter in dohtaccess.html, or the 2 file parameter in a editit.html or b showfile.html...
CVE-2006-4268
CubeCart
CVE-2006-4224
CVE-2006-4224 is an XSS vulnerability in Virtual War (VWar) calendar.php affecting VWar 1.5.0 and earlier. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the year parameter. The CVE also notes that the page parameter vector is covered by CVE-2006-4009. No fur...
CVE-2006-4211
Cross-site scripting XSS vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2006-4211
Cross-site scripting XSS vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2006-4157
Cross-site scripting XSS vulnerability in index.php in Yet another Bulletin Board YaBB allows remote attackers to inject arbitrary web script or HTML via the categories parameter...
CVE-2006-4090
CVE-2006-4090 describes a cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2. The issue arises in the comment posting flow, likely involving the nickname parameter in previewcomment.php and the From: part of the comment post, allowing remote attackers to inject arbitrary web scrip...
CVE-2006-4090
Cross-site scripting XSS vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php...
CVE-2006-4079
The CVE-2006-4079 entry describes a Cross-site scripting (XSS) vulnerability in DeluxeBB 1.08 (and possibly earlier) affecting newpost.php, where the subject parameter (topic title) is not properly sanitized. This allows remote attackers to inject arbitrary web script or HTML. The NVD metrics ass...
CVE-2006-3585
Multiple cross-site scripting XSS vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the 1 login parameter in admin/cms/index.php, 2 unspecified parameters in the "Supply news" page in formmail.php, 3 the URL in the "Site statistics" page, and...
CVE-2006-3585
CVE-2006-3585 describes multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1. Affected components include: the login parameter in admin/cms/index.php; parameters on the Supply news page in formmail.php; the URL in the Site statistics page; and the query_string parameter when ...
CVE-2006-4016
Cross-site scripting XSS vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2006-4016
The CVE-2006-4016 entry concerns a Cross-site Scripting (XSS) flaw in toendaCMS. Affected software: toendaCMS stable versions 1.0.3 and earlier, and unstable 1.1 and earlier. The vulnerability occurs in the s parameter of the /toendaCMS endpoint, allowing remote attackers to inject arbitrary web ...
CVE-2006-3948
Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter...
CVE-2006-3948
Technical details for CVE-2006-3948 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2006-3909
Cross-site scripting XSS vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter...
CVE-2006-3900
Cross-site scripting XSS vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter...
CVE-2006-3613
Multiple cross-site scripting XSS vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software aka enterprise edition allow remote attackers to inject arbitrary web script or HTML via the 1 itemfor aka "Who is this item for?" and 2 special aka "Special...
CVE-2006-3563
Cross-site scripting XSS vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter...