CVE-2006-3138

Multiple cross-site scripting XSS vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 PIC parameter in offers-pix.php, 2 from parameter in cp/index.php, and 3 action parameter in cp/adminindex.php...

CVE-2006-3157

CVE-2006-3157 describes a Cross-site scripting (XSS) vulnerability in index.php of Thinkfactory UltimateGoogle 1.00 and earlier, exploitable via the REQ parameter to inject arbitrary web script or HTML. The CVSSv2 base score is 5.8 (Medium) with network attack vector and no user interaction requi...

CVE-2006-3141

CVE-2006-3141 is a documented XSS vulnerability in Tradingeye Shop R4 and earlier, exploitable via the image parameter in details.cfm. The underlying issue is that user-supplied data can inject arbitrary web script or HTML, enabling remote attackers to execute script within victims’ browsers. The...

CVE-2006-3110

The CVE-2006-3110 issue affects Chipmailer 1.09 and is a Cross-site Scripting (XSS) vulnerability in main.php, exploitable through the (1) name, (2) betreff, (3) mail, and (4) text parameters. The NVD entry documents a MEDIUM impact (CVSS v2: AV:N/AC:M/Au:N/C:N/I:P/A:N) with a base score of 4.3. ...

CVE-2006-3060

Cross-site scripting XSS vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the 1 read parameter in index.php, 2 farea parameter in faq.php, and 3 unspecified input fields on the "My Account" login page...

CVE-2006-3080

CVE-2006-3080 documents a cross-site scripting (XSS) vulnerability in the viewposts.cfm module of aXentForum II and earlier. The issue allows remote attackers to inject arbitrary web script or HTML by manipulating the startrow parameter. Affected software is described as aXentForum II and older v...

CVE-2006-3061

Multiple cross-site scripting XSS vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the 1 sort parameter in index2.php, 2 itemid parameter in report.php, 3 searchterm parameter aka the "search box" in searchreviews.php, 4 the profile field in...

CVE-2006-3035

Multiple cross-site scripting XSS vulnerabilities in addwords.php in MyScrapbook 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 name and 2 comment parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party...

CVE-2006-3035

CVE-2006-3035 involves multiple XSS vulnerabilities in the file addwords.php of MyScrapbook 3.1 and earlier . The vulnerabilities allow remote attackers to inject arbitrary web script or HTML through the name and comment parameters. The entry cites sources consistent with NVD and CVE records, but...

CVE-2006-3030

DwZone Shopping Cart prior to or at version 1.1.9 has multiple XSS vulnerabilities. The issue arises in the web app’s handling of user input parameters: (1) ToCategory and (2) FromCategory to ProductDetailsForm.asp, and (3) UserName and (4) Password to LogIn/VerifyUserLog.asp. The flaws allow rem...

CVE-2006-2989

Cross-site scripting XSS vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter...

CVE-2006-2988

Cross-site scripting XSS vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action...

CVE-2006-2997

The CVE-2006-2997 entry describes an XSS in ZMS 2.9 and earlier when register_globals is enabled. The vulnerability is triggered via the raw parameter in the search field, allowing remote injection of arbitrary web script/HTML. Affected product/version: ZMS 2.9 and earlier. Underlying cause: inpu...

CVE-2006-2999

Cross-site scripting XSS vulnerability in search.php in OkScripts QuickLinks 1.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2006-3002

The CVE-2006-3002 issue affects Easy Ad-Manager (details.php) with an XSS in the mbid parameter, where input reflected in an error message can lead to arbitrary script execution. The vulnerability is described across multiple sources (NVD, CVE List) as a reflected XSS. A fix was reported by the v...

CVE-2006-2994

Multiple cross-site scripting XSS vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 email, 3 url fields, and 4 text field content parameter...

CVE-2006-2957

Cross-site scripting XSS vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

CVE-2006-2951

Multiple cross-site scripting XSS vulnerabilities in Net Portal Dynamic System NPDS 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the 1 Titlesitename or 2 sitename parameter to a header.php, 3 nukeurl parameter to b meta/meta.php, 4 forum parameter to c...

CVE-2006-2927

Multiple cross-site scripting XSS vulnerabilities in post.asp in CodeAvalanche FreeForum aka CAForum 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 msgsubject and 2 msgbody parameters. NOTE: The provenance of this information is unknown; the details are obtained solel...

CVE-2006-2925

Cross-site scripting XSS vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality...