6657 matches found
CVE-2006-1906
Cross-site scripting XSS vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2006-1889
The CVE concerns Boardsolution (SCRIPTSOLUTION) by Nils Asmussen, specifically Boardsolution 1.12 and earlier. Vulnerable component: the search action handler in index.php. Issue: cross-site scripting (XSS) via the keyword parameter in the "Search for" input, allowing remote attackers to inject a...
CVE-2006-1891
Cross-site scripting XSS vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormValprofile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability...
CVE-2006-1906
Cross-site scripting XSS vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2006-1904
Cross-site scripting XSS vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 NAME and 2 COMMENTS parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in statsview.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 datefrom, 2 dateto, and 3 date parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 galleryid parameter in view.php, 2 keyword parameter in search.php, and 3 imageid parameter in image.php. NOTE: it is possible that vectors ...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 Name, 2 Website, and 3 Comment parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in register.php in Tritanium Bulletin Board TBB 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 newuserrealname and 2 newusericq parameters, a different vector than CVE-2006-1768. NOTE: the provenance of this...
CVE-2006-1803
Cross-site scripting XSS vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sqlquery parameter...
CVE-2006-1802
The CVE-2006-1802 issue affects TinyWebGallery 1.3 and 1.4, with a Cross-Site Scripting (XSS) flaw in index.php via the twg_album parameter. Remote attackers could inject arbitrary script/HTML. Root cause: unsanitized input in the twg_album parameter. No explicit remediation details are provided ...
CVE-2006-1806
CVE-2006-1806 describes a cross-site scripting (XSS) vulnerability in Musicbox 2.3.3 and earlier. The issue is triggered via the term parameter in a search action within index.php, allowing remote attackers to inject arbitrary web script or HTML. The NVD entry for this CVE confirms the vulnerable...
CVE-2006-1808
Cross-site scripting XSS vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation...
Cross site scripting
Cross-site scripting XSS vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI $SERVER'REQUESTURI'...
CVE-2006-1795
CVE-2006-1795 describes a cross-site scripting (XSS) vulnerability in UPDI Network Enterprise @1 Table Publisher, specifically in the tablepublisher.cgi handling of the Title of Table field. The flaw allows remote attackers to inject arbitrary web script or HTML via that field. The NVD-provided C...
Design/Logic Flaw
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading 1 ftp or 2 http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2006-1768
Multiple cross-site scripting XSS vulnerabilities in register.php in Tritanium Bulletin Board TBB 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 newusername, 2 newuseremail, and 3 newuserhp parameters in the faction=register mode in index.php...