CVE-2005-4311

Cross-site scripting XSS vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via 1 the page parameter in dcboard.php and 2 unspecified search parameters...

CVE-2005-4306

CVE-2005-4306 describes multiple XSS vulnerabilities in SiteNet BBS 2.0 and earlier. The issues arise in the handling of user-supplied input to netboardr.cgi via the parameters (pg, tid, cid, fid) and to search.cgi via the cid parameter, allowing remote attackers to inject arbitrary web script or...

CVE-2005-4292

Cross-site scripting XSS vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature...

CVE-2005-4282

Cross-site scripting XSS vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi...

CVE-2005-4262

Cross-site scripting XSS vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the 1 startrow and 2 catid parameter. NOTE: this issue might be resultant from the SQL injection problem CVE-2005-4263...

CVE-2005-4229

Cross-site scripting XSS vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources and...

CVE-2005-4229

Cross-site scripting XSS vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources and...

CVE-2005-4245

CVE-2005-4245 is a cross-site scripting (XSS) vulnerability in Snipe Gallery 3.1.4 and earlier affecting the file search.php . The issue arises from the keyword parameter, allowing remote attackers to inject arbitrary web script or HTML. According to the record, the impact is confidentiality: non...

CVE-2005-4237

Cross-site scripting XSS vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module...

CVE-2005-3352

Cross-site scripting XSS vulnerability in the modimap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...

CVE-2005-4196

Multiple cross-site scripting XSS vulnerabilities in Scout Portal Toolkit SPT 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the ss parameter in SPT--QuickSearch.php; 2 ParentId parameter in SPT--BrowseResources.php; 3 the ResourceId parameter in...

CVE-2005-4177

The CVE-2005-4177 entry concerns an XSS vulnerability in Magic Book Personal and Professional 2.0, specifically in the book.cfm component where the StartRow parameter is not properly sanitized. The vulnerability could allow remote attackers to inject arbitrary web script or HTML, as documented by...

CVE-2005-4136

Cross-site scripting XSS vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter...

CVE-2005-4138

Multiple cross-site scripting XSS vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the 1 Wohnort and 2 Beruf fields in editprofile.php, 3 user parameter array in vprofile.php, and 4 the action parameter in misc.php...

CVE-2005-4061

Cross-site scripting XSS vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the search parameters...

CVE-2005-4057

CVE-2005-4057 describes a Cross-site scripting (XSS) vulnerability in the PluggedOut Nexus 0.1 project, specifically in search.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML through the (1) Location, (2) Last Name, and (3) First Name parameters. The entries ...

CVE-2005-4042

Cross-site scripting XSS vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to search.cgi...

CVE-2005-4044

CVE-2005-4044 describes a cross-site scripting (XSS) vulnerability in the search.cgi component of Amazon Search Directory 1.0.0 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, potentially through the search parameter, leading to injec...

CVE-2005-4012

Multiple cross-site scripting XSS vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via 1 the lastnumber parameter to stat.php and 2 the HTTP referer to pixel.php...

CVE-2005-4024

Cross-site scripting XSS vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter...