CVE-2005-4780

Cross-site scripting XSS vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a querystring to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the...

CVE-2005-4551

The CVE-2005-4551 issue affects the web app codegrrl SimpBook 1.0 . The vulnerability is a Cross-site Scripting (XSS) flaw in sign.php when the configuration flag html_enable is enabled. An attacker can supply arbitrary HTML/script via the message parameter to index.php, which could be reflected ...

CVE-2005-4530

Multiple cross-site scripting XSS vulnerabilities in AlstraSoft EPay Enterprise 3.0 formerly DoPays allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in 1 profile.htm, 2 card.htm, 3 bank.htm, 4 subscriptions.htm, 5 send.htm, 6 request.htm, 7...

CVE-2005-4483

Cross-site scripting XSS vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the retpage parameter...

CVE-2005-4489

Cross-site scripting XSS vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 type and 2 count parameters, and 3 the query string in a story...

CVE-2005-4480

CVE-2005-4480 : A cross-site scripting (XSS) vulnerability affects Plexcor CMS 4.0 and earlier, allowing remote attackers to inject arbitrary web script or HTML via unspecified search parameters. Documents do not specify the exact vulnerable component/version beyond the CMS family, nor provide co...

CVE-2005-4497

The CVE-2005-4497 entry affects Tangora Portal CMS 4.0 and earlier. The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML through the action parameter in the search page (demonstrated with page1631.aspx and page496.aspx). No rem...

CVE-2005-4494

Cross-site scripting XSS vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 spiplogin.php3 and 2 spippass.php3...

CVE-2005-4446

Cross-site scripting XSS vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter...

CVE-2005-4409

Cross-site scripting XSS vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters...

CVE-2005-4407

CVE-2005-4407 describes a cross-site scripting (XSS) vulnerability in Mercury CMS versions up to 4.0, where the index.cfm script is vulnerable. The issue arises from unsafely handling the 1) content and 2) criteria parameters, allowing remote attackers to inject arbitrary web script or HTML. Expl...

CVE-2005-4393

Cross-site scripting XSS vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 obcatid and 2 comid parameters...

CVE-2005-4399

CVE-2005-4399 concerns a cross-site scripting (XSS) vulnerability in Libertas Enterprise CMS, versions 3.0 and earlier. The flaw is in the search/index.php handler and allows remote attackers to inject arbitrary web script or HTML via the page_search parameter. The information available does not ...

CVE-2005-4391

Cross-site scripting XSS vulnerability in damoon allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter...

CVE-2005-4369

CVE-2005-4369 describes a cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2. The issue allows remote attackers to inject arbitrary web script or HTML through unspecified search parameters, potentially via strSearchKeywords to browse.asp. The NVD data lists a CVSS v2 base score of 4.3 (...

CVE-2005-4374

Multiple cross-site scripting XSS vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 s parameter to faq.asp and 2 searchQuery parameter to search.asp...

CVE-2005-4372

The CVE-2005-4372 entry describes a Cross-site scripting (XSS) vulnerability in Adaptive Website Framework (AWF) prior to or including version 2.10, exploitable via the page parameter in account.html. The underlying issue is improper handling of the page value, allowing remote attackers to inject...

CVE-2005-4379

Bitweaver 1.1 and 1.1.1 beta are affected by multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via specific parameters: (1) sort_mode in fisheye/list_galleries.php, messages/message_box.php, and users/my.php; (2) post_id ...

CVE-2005-4327

Multiple cross-site scripting XSS vulnerabilities in Michael Arndt WebCal 1.11-3.04 allow remote attackers to inject arbitrary web script or HTML via the 1 function, 2 year, and 3 date parameters to webcal.cgi, 4 new calendar entries, and 5 notes for entries...

CVE-2005-4333

CVE-2005-4333 affects Binary Board System (BBS) 0.2.5 and earlier. It describes multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML through parameters to reply.pl (1) inreplyto, (2) article, (3) board; and to (b) stats.pl, and to ...