CVE-2005-3412

Cross-site scripting XSS vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an tag...

CVE-2005-3361

Cross-site scripting XSS vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306...

CVE-2005-3329

Cross-site scripting XSS vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation...

CVE-2005-3334

Cross-site scripting XSS vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 devel allows remote attackers to inject arbitrary web script or HTML via the 1 PHPSESSID, 2 task, 3 string, 4 type, 5 serv, 6 due, 7 dev, and 8 sort2 parameters...

CVE-2005-3308

Multiple cross-site scripting XSS vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 comment parameter in detail.php, 3 the username parameter in get.php, and 4 the search parameter in index.php...

CVE-2004-2510

Cross-site scripting XSS vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter...

CVE-2005-3264

Cross-site scripting XSS vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote attackers to inject arbitrary web script or HTML via the threadID parameter...

CVE-2005-3202

Multiple cross-site scripting XSS vulnerabilities in Oracle HTML DB HTMLDB 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the 1 p or 2 pt02 parameters...

CVE-2005-3200

Utopia News Pro (UNP) versions 1.1.3 and 1.1.4 are affected by multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) sitetitle parameter in header.php and (2) version and (3) query_count parameters in footer.php. The documents do not speci...

CVE-2005-3067

Cross-site scripting XSS vulnerability in perldiver.cgi in PerlDiver 2.x allows remote attackers to inject arbitrary web script or HTML via the module parameter...

CVE-2005-2884

The connected sources show concrete details for CVE-2005-2884 related to Land Down Under (LDU) <= 801. The vulnerability includes Cross-Site Scripting (XSS) in events.php and, per OpenVAS, multiple issues (including SQL injection) due to inadequate input sanitization in PHP scripts (events.php...

CVE-2005-2863

OpenWebMail contains an XSS vulnerability CVE-2005-2863 in the openwebmail-main.pl script (sessionid parameter) affecting OpenWebMail 2.41. The flaw allows remote injection of arbitrary web script/HTML. NVD notes a CVSS v2 base score of 4.3 (Medium) with network access, no authentication, and par...

CVE-2005-2853

Multiple cross-site scripting XSS vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the pg parameter to printfaq.php, or the 2 Referer or 3 User-Agent HTTP headers, which are not properly handled by error.php...

CVE-2005-2724

CVE-2005-2724 is a cross-site scripting (XSS) vulnerability in SqWebmail: the vulnerability arises from missing input sanitising in the handling of file attachments, allowing an attacker to inject arbitrary script/HTML via the Display feature. The initial description notes SqWebMail 5.0.4 as affe...

CVE-2005-2724

Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer...

CVE-2005-2674

Affected product: Land Down Under (LDU) 800 series (

PT-2005-3560 · Land Down Under · Land Down Under (Ldu) 800

Name of the Vulnerable Software and Affected Versions: Land Down Under LDU 800 Description: Multiple cross-site scripting XSS vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the c or m parameters to "index.php" or the w parameter to "journal.php". The vendor has...

CVE-2005-2650

The CVE-2005-2650 entry describes a cross-site scripting (XSS) vulnerability in Emefa Guestbook 1.2, specifically in sign.asp. The issue allows remote attackers to inject arbitrary script or HTML via the name, location, or email parameters, indicating insufficient input sanitization in the sign.a...

CVE-2004-2468

SillySearch 2.3 and earlier are affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the search parameter. The entry states the vulnerability type and affected version(s) but does not specify root cause details beyond the p...

CVE-2004-2465

Cross-site scripting XSS vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter...