Cross site scripting

Cross-site scripting XSS vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in the 500 Internal Server Error page on the SOAP port 8880/tcp in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is...

CVE-2006-2418

Cross-site scripting XSS vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts...

CVE-2006-2418

CVE-2006-2418 is an XSS flaw in phpMyAdmin (affected versions prior to the fixes mentioned in advisories) where an attacker can inject script via the db parameter in footer.inc.php. Connected documents corroborate multiple phpMyAdmin XSS issues and specify that Debian/Debian-based advisories (DSA...

Cross site scripting

Cross-site scripting XSS vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter...

CVE-2006-2397

Multiple cross-site scripting XSS vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 rep parameter to a index.php or b diapo.php or 2 image parameter to c affich.php. NOTE: item 1a might be resultant from directory traversal...

CVE-2006-2390

Cross-site scripting XSS vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality...

CVE-2006-2367

Cross-site scripting XSS vulnerability in index.php in Clansys aka Clanpage System 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function...

CVE-2006-2325

Cross-site scripting XSS vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to inject arbitrary web script or HTML via the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third part...

CVE-2006-2325

Cross-site scripting XSS vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to inject arbitrary web script or HTML via the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third part...

Cross site scripting

Cross-site scripting XSS vulnerability in calendarnew.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

CVE-2006-2246

Cross-site scripting XSS vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry...

CVE-2006-2227

Cross-site scripting XSS vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the reqmessage parameter, because the value of the redirecturl parameter is not sanitized...

Cross site scripting

Cross-site scripting XSS vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the reqmessage parameter, because the value of the redirecturl parameter is not sanitized...

CVE-2006-2227

CVE-2006-2227 describes a cross-site scripting (XSS) vulnerability in PunBB 1.2.11, specifically in misc.php where an attacker can inject arbitrary script or HTML via the req_message parameter because the redirect_url value is not sanitized. The description does not provide exploit details, affec...

CVE-2006-2210

Technical details about CVE-2006-2210 are not publicly provided in the connected documents. The entries note an XSS via the path parameter in 321soft PhP-Gallery 0.9 but provide no further specifics.

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 cid parameter to dlisting.php or 2 preloadSlideShow parameter to showpic.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the 1 postername, 2 posteremail, 3 posterhomepage, or 4 message parameter...

CVE-2006-2138

CVE-2006-2138 describes a cross-site scripting (XSS) vulnerability in NeoMail 1.29, specifically in neomail.pl, that allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. The issue is triggered in NeoMail’s web interface and can lead to user-side script execu...

CVE-2006-2140

CVE-2006-2140 describes multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier. The issue allows remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php. The CVSS-like data indicates partial impact o...