CVE-2006-3567

Cross-site scripting XSS vulnerability in the web administration interface logging feature in Juniper Networks Redline DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field...

CVE-2006-3359

CVE-2006-3359 affects NewsPHP 2006 PRO, with multiple SQL injection flaws in index.php (parameters: words, id, topmenuitem, cat_id) and in inc/rss_feed.php (category). Attackers could inject arbitrary scripts via these parameters. Public records (NVD/CVELIST) describe the vulnerability and impact...

CVE-2006-3333

Cross-site scripting XSS vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the 1 frommethod, 2 list, and 3 method, which are reflected in an error message. NOTE: some of these vectors might be...

CVE-2006-3333

The CVE-2006-3333 entry describes a Cross-site Scripting (XSS) vulnerability in Zorum Forum 3.5, specifically in index.php. The flaw allows remote attackers to inject web script or HTML through multiple unspecified parameters (notably frommethod, list, and method) which are reflected in an error ...

CVE-2006-3321

The CVE-2006-3321 entry documents multiple cross-site scripting (XSS) vulnerabilities in the Web forum script openforum.asp. Affected product: OpenForum 1.2 Beta and earlier. Vulnerable component: openforum.asp; vulnerable parameters: (1) ofdisp and (2) ofmsgid. Impact stated: remote attackers ca...

CVE-2006-3313

Netsoft smartNet 2.0 is affected by a cross-site scripting (XSS) vulnerability in search.jsp that allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter. Affected component: search.jsp in Netsoft smartNet 2.0; root cause: unsanitized/unsafely handled keyWord inpu...

CVE-2006-3301

CVE-2006-3301 describes multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the domain parameter in the scripts user_add.php or unit_add.php . The available documents do not provide furthe...

CVE-2006-3240

Cross-site scripting XSS vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter...

CVE-2006-3237

The CVE-2006-3237 entry describes a Cross-site scripting (XSS) flaw in the Enterprise Groupware System (EGS) before or at version 1.2.4, exploitable via the module parameter on index.php. The underlying issue is an input handling/reflective scripting vector that allows remote attackers to inject ...

CVE-2006-3241

The CVE-2006-3241 issue affects XennoBB (versions 1.0.5 and earlier) in messages.php, where the tid parameter enables reflected cross-site scripting. The NVD records a low base score (2.6/10) with network attack vector and no authentication required, indicating a potential for user-side script ex...

CVE-2006-3233

CVE-2006-3233 describes a cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52 and earlier builds released before 2006-06-18, specifically in the openwebmail-read.pl component. An attacker can inject arbitrary web script or HTML via the from field, enabling potential credential or ...

CVE-2006-3225

CVE-2006-3225 describes a cross-site scripting (XSS) vulnerability affecting Sun ONE Application Server 7 before Update 9, Java System Application Server 7 (2004Q2) before Update 5, and Java System Application Server Enterprise Edition 8.1 (2005 Q1). The issue allows remote attackers to inject ar...

CVE-2006-2311

Cross-site scripting XSS vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a 1 .cfm or 2 .cfml file, which reflects the result in the default error page...

CVE-2006-3180

Cross-site scripting XSS vulnerability in ftpindex.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter...

CVE-2006-3187

Multiple cross-site scripting XSS vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 maingroup and 2 secondgroup parameters to a searchprodlist.asp, and the 3 maingroup parameter to b meny2.asp. NOTE: it is possible that this ...

CVE-2006-3183

CVE-2006-3183 is a cross-site scripting (XSS) vulnerability affecting MobeScripts Mobile Space Community 2.0 and earlier. The flaw allows remote attackers to inject arbitrary script/HTML via the browse parameter (unfiltered in error messages) and several inputs (updating a profile, posting commen...

CVE-2006-3183

Cross-site scripting XSS vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 browse parameter, which is not filtered in the resulting error message, and multiple unspecified input fields, includi...

CVE-2006-3180

CVE-2006-3180 is a cross-site scripting (XSS) vulnerability in the Confixx Pro 3.0 product, specifically in ftp_index.php, exploitable through the path parameter. The NVD entry lists a CVSSv2 base score of 6.8 (MEDIUM) with network access, requiring no authentication, and impacting confidentialit...

CVE-2006-3186

CVE-2006-3186 : The connected records specify multiple cross-site scripting (XSS) vulnerabilities in the CMS Faethon 1.3.2 . The flaw is triggered via the mainpath parameter passed to the scripts data/footer.php and admin/header.php , enabling remote attackers to inject arbitrary web script or HT...

CVE-2006-3155

Multiple cross-site scripting XSS vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 item parameter in a emailtofriend.pl or b violation.pl, 2 seller parameter in c vsoa.pl, 3 user parameter in d userask.pl or e leavefeed.pl...