6657 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
CVE-2006-2883
CVE-2006-2883 concerns a cross-site scripting (XSS) vulnerability in Kmita FAQ 1.0’s search.php. The issue allows remote attackers to inject arbitrary web script or HTML via the q parameter. The vulnerability affects the search function and is documented with a CVSS 2.0 base score of 4.3 (Medium)...
CVE-2006-2876
CVE-2006-2876 is an XSS vulnerability in PHP Pro Publish 2.0 where the catname parameter of cat.php can be exploited to inject arbitrary script/HTML. The affected component is cat.php within PHP Pro Publish 2.0; root cause is insufficient input validation on catname leading to script injection. T...
CVE-2006-2870
Technical details such as affected product/version, root cause, impact, and remediation are not publicly provided in the connected documents; monitor for updates.
Cross site scripting
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Yearthenews, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333...
CVE-2006-2812
CVE-2006-2812 affects Dominios Europa PICRATE (aka TAL RateMyPic) 1.0. Multiple XSS flaws exist in index.php allowing remote attackers to inject arbitrary script/HTML via a javascript: URI in the SRC attribute of an IMG element (in name/nick, email, and comment fields) and via the id parameter. R...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php...
CVE-2006-2796
Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message...
CVE-2006-2774
CVE-2006-2774 is an XSS vulnerability in QontentOne CMS, reported in search.php via the search_phrase parameter. The root cause, as described, is improper handling/sanitization of user-supplied input, allowing remote attackers to inject arbitrary web script or HTML. The documents state the impact...
CVE-2006-2772
CVE-2006-2772 describes an XSS vulnerability in the add.asp component of Hogstorps hogstorp guestbook 2.0. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. The NVD entry lists a CVSS v2 base score of 6.8 (Medium) wi...
CVE-2006-2765
Cross-site scripting (XSS) vulnerability in newsinformation.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter...
CVE-2006-2755
CVE-2006-2755 is a cross-site scripting (XSS) vulnerability affecting UBBThreads 5.x and earlier, where the index.php script uses the debug parameter insecurely. The underlying issue is unsafely handling the debug input in UBBThreads, enabling remote attackers to inject arbitrary web script or HT...
CVE-2006-2729
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-2746
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including c...
CVE-2006-2728
CVE-2006-2728 is an XSS flaw in Photoalbum B&W 1.3, specifically in the file superalbum/index.php. The vulnerability arises when an attacker supplies a crafted value for the pic parameter, enabling the injection of arbitrary web script or HTML. Documents identify the affected component but do not...
Cross site scripting
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) newsdetail.php, (c) emailstory.php, (d) thankyou.php, (e) printableview.php, (f) tellafriend.php, and...
CVE-2006-2684
Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter...