6657 matches found
CVE-2006-1222
Multiple cross-site scripting XSS vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the 1 memo box title, 2 user email, and 3 homepage fields...
CVE-2006-1204
The CVE-2006-1204 entry concerns multiple XSS vulnerabilities in txtForum 1.0.4-dev and earlier. The affected components include index.php, new_topic.php, profile.php, reply.php, and view_topic.php, with vulnerable parameters such as prev, next, rand5, r_username, r_loc, r_num, r_family_name, r_i...
CVE-2006-1205
Multiple cross-site scripting XSS vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 confirmredirect and 2 postid parameters in a delcomment.php, as reachable when mode=delcom from index.php; and the 3 del and 4...
Cross site scripting
Cross-site scripting XSS vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages...
Cross site scripting
Cross-site scripting XSS vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability...
CVE-2006-1155
Cross-site scripting XSS vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in 1 login.asp and 2 default.asp...
CVE-2006-1135
Multiple cross-site scripting XSS vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword parameter to search.php or 2 username parameter to commentsdo.php...
Cross site scripting
Cross-site scripting XSS vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the commenttitle parameter...
CVE-2006-1133
Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
CVE-2006-1135
CVE-2006-1135 documents multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2. The affected component is the web application’s search functionality (search.php) and comments submission handling (comments_do.php). The root cause is insufficient input sanitization, allowing an attacker...
CVE-2006-1096
CVE-2006-1096 affects NZ Ecommerce, specifically the XSS in index.php via the action parameter. The vulnerability is a stored/ reflected-type cross-site scripting issue that allows remote attackers to inject arbitrary script or HTML. The vendor’s dispute is noted in multiple sources; no concrete ...
CVE-2006-1097
Multiple cross-site scripting XSS vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to 1 infodb.php or 2 database.php...
CVE-2006-1082
phpArcadeScript 2.0 and earlier are affected by multiple XSS vulnerabilities due to lack of input sanitization. The issues allow remote attackers to inject arbitrary script via parameters in tellafriend.php (gamename), loginbox.php (login_status), index.php (submissionstatus), browse.php (cell_ti...
CVE-2006-1071
Cross-site scripting XSS vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in dvgbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter...
CVE-2006-1064
Multiple cross-site scripting XSS vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors...
CVE-2006-1064
Multiple cross-site scripting XSS vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors...
CVE-2006-1041
Multiple cross-site scripting XSS vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 rssquery parameter to search.php or 2 tag parameter to tags.php...
CVE-2006-1025
Cross-site scripting XSS vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1019
Cross-site scripting XSS vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the showpost function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...