CVE-2006-0237

CVE-2006-0237 concerns a cross-site scripting (XSS) vulnerability in index.php of GTP iCommerce. The flaw allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters due to inadequate input handling. They can influence the content rendered in a victim’...

CVE-2006-0233

CVE-2006-0233 refers to a cross-site scripting (XSS) vulnerability in the PHP file functions.php of the microBlog 2.0 RC-10 package. The issue allows remote attackers to execute arbitrary web script and HTML by supplying a javascript: URI in a [url] BBCode tag, potentially compromising user sessi...

CVE-2006-0217

Multiple cross-site scripting XSS vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the 1 item parameter in item.pl and 2 category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wro...

CVE-2006-0210

CVE-2006-0210 is a Cross-site Scripting (XSS) vulnerability in Interspire TrackPoint NX prior to 0.1. The issue occurs in index.php and allows remote attackers to inject arbitrary web script or HTML via the username parameter on the Login page. This is the concrete vulnerability described in the ...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PHP 4.4.1 and 5.1.1, when displayerrors and htmlerrors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...

CVE-2006-0180

Cross-site scripting XSS vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags...

Cross site scripting

Cross-site scripting XSS in searchresult.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-0152

Cross-site scripting XSS in searchresult.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2005-4637

Multiple cross-site scripting XSS vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 nav parameter in the downloads module, 2 Full Name and 3 Email fields in the core module, 4 Full Name, 5 Email, and 6...

CVE-2005-4637

Kayako SupportSuite 3.00.26 and earlier (index.php) contains multiple XSS flaws. Exploitable via (1) nav parameter in downloads module, (2) Full Name and (3) Email in core, (4) Full Name, (5) Email, and (6) Subject in tickets, and (7) Registered Email in lostpassword feature. Impact per sources: ...

Cross site scripting

Cross-site scripting XSS vulnerability in post.php in NavBoard V16 Stable2.6.0 and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the 1 b, 2 textlarge, and 3 url bbcode tags...

CVE-2006-0134

Cross-site scripting XSS vulnerability in register.php in TheWebForum twf 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in register.php in TheWebForum twf 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter...

CVE-2006-0134

The CVE-2006-0134 vulnerability concerns TheWebForum (twf) version 1.2.1, specifically the register.php script. The issue is a cross-site scripting (XSS) flaw that accepts user input via the www parameter and does not sufficiently sanitize it, enabling remote attackers to inject arbitrary web scr...

CVE-2006-0112

Cross-site scripting XSS vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter...

CVE-2006-0102

Cross-site scripting XSS vulnerability in TinyPHPForum TPF 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "a" bbcode tag, possibly the txt parameter to action.php...

CVE-2006-0063

CVE-2006-0063 affects phpBB 2.0.19, where enabling “Allowed HTML tags” permits cross-site scripting by injecting arbitrary script or HTML via a permitted tag using a single quote character and active attributes such as onmouseover; this is a variant of CVE-2005-4357. The available connected docum...

CVE-2005-4613

Technical details for CVE-2005-4613 are not publicly available in the provided documents; the materials include only a general description of an XSS issue in VUBB alpha rc1. Monitor for updates.

CVE-2006-0078

Multiple cross-site scripting XSS vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 name and 2 shout variables to a shout.php, or the 3 title and 4 message variables to b guestbook.php...

CVE-2005-4597

Cross-site scripting XSS vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers to inject arbitrary web script or HTML via the email parameter, as used by the email field, when signing a guestbook...