CVE-2005-0378

Multiple cross-site scripting XSS vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 group parameter to prefs.php or 2 url parameter to index.php...

CVE-2005-0650

Multiple cross-site scripting XSS vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 the pages parameter to divers.php incorrectly referred to as "drivers.php" by some sources, 2 in the search feature text area, 3 forum name, 4 site name or 5...

CVE-2005-0219

Multiple cross-site scripting XSS vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via 1 the index field in addcomment.php, 2 setalbumName, 3 slideindex, 4 slidefull, 5 slideloop, 6 slidepause, 7 slidedir fields in slideshowlow.php, or 8 username...

CVE-2005-1202

Multiple cross-site scripting XSS vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the 1 abid, 2 page, 3 type, or 4 lang parameter to index.php or 5 categoryid parameter...

CVE-2005-1120

Multiple cross-site scripting XSS vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail 1 body, 2 filename, or 3 MIME type...

CVE-2005-1374

Multiple cross-site scripting XSS vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via 1 exerciseresult.php, 2 exercicesubmit.php, 3 agenda.php, 4 learningPathList.php, 5 learningPathAdmin.php, 6...

CVE-2005-1004

Cross-site scripting XSS vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter...

CVE-2005-0682

Cross-site scripting XSS vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs...

CVE-2005-1352

CVE-2005-1352 describes an XSS vulnerability in the ad.cgi script that allows remote attackers to inject arbitrary web script or HTML via the argument. Evidence comes from NVD/CVE records; the exact affected product, version, and root cause details beyond “ad.cgi script” are not specified in the ...

CVE-2005-1327

Cross-site scripting XSS vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter...

CVE-2005-1315

CVE-2005-1315 describes a cross-site scripting (XSS) vulnerability in the Horde Turba module prior to 1.2.5. The flaw allows a remote attacker to inject arbitrary web script or HTML by crafting the parent’s frame page title. The vulnerability is associated with Horde Turba’s handling of the paren...

CVE-2005-1314

Cross-site scripting XSS vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title...

CVE-2005-1308

CVE-2005-1308 affects SqWebMail. The vulnerability arises from CRLF sequence handling in the redirect parameter, enabling remote injection of arbitrary HTML/script and likely XSS. Impact described across sources includes attacker-controlled script execution in users’ browsers and potential sessio...

CVE-2005-1317

CVE-2005-1317 affects the Horde Chora module prior to version 1.2.3, enabling a remote attacker to execute arbitrary script/HTML via the parent frame page title (XSS). The vulnerability is due to insufficient input sanitization in the frame title handling. No exploitation details or concrete reme...

CVE-2005-1231

CVE-2005-1231 – JAWS 0.4 XSS in GlossaryModel.php . The issue arises in the NewTerm function of GlossaryModel.php where improper validation of user-supplied input (term and description) enables remote injection of arbitrary web script/HTML. This vulnerability is corroborated by multiple sources i...

CVE-2004-0534

CVE-2004-0534 is a documented XSS in Business Objects InfoView 5.1.4–5.1.8 / WebIntelligence 2.7.0–2.7.4. The root cause is incomplete server‑side validation for the document name during upload, allowing arbitrary script/HTML via the filename. Impact: remote attacker can inject script, potentiall...

CVE-2005-1076

Cross-site scripting XSS vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field...

CVE-2005-1023

CVE-2005-1023 : XSS vulnerabilities in PHP-Nuke 6.x–7.6 allow remote attackers to inject arbitrary script/HTML via specific parameters in Search, FAQ, and Encyclopedia modules (min, categories, ltr). The note clarifies that the related banner issue is covered by CVE-2005-1000. Connected documents...

CVE-2005-0992

Summary: CVE-2005-0992 is an XSS in phpMyAdmin’s index.php via the convcharset parameter. The NVD entry lists a base score of 4.3 (MEDIUM) with network access, no confidentiality impact, but partial integrity impact and no availability impact. Connected OpenVAS entries tie the vulnerability to ph...

CVE-2005-0995

Multiple cross-site scripting XSS vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via 1 the keyword parameter to advSearchh.asp, 2 the redirectUrl parameter to NewCust.asp, 3 the country parameter to storelocatorsubmit.asp, or 4 the error parameter...