9787 matches found
CVE-2005-1309
Cross-site scripting XSS vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the 1 entry title field or 2 comment body text...
CVE-2005-0863
Cross-site scripting XSS vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via 1 the chatter parameter to regulars.php or 2 the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php...
CVE-2005-1030
Multiple cross-site scripting XSS vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the 1 ReturnURL, 2 password, 3 username parameter, 4 ReturnURL parameter to account.asp, 5 Table, 6 Title parameter to sendpassword.asp, or 7 itemid to...
CVE-2005-1189
Cross-site scripting XSS vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites...
CVE-2005-1016
Cross-site scripting XSS vulnerability in linksaddform.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL...
CVE-2005-1162
Multiple cross-site scripting XSS vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the 1 sEmail parameter to owContactUs.asp, 2 bSub parameter to owListProduct.asp, or the 3 Name, 4 Email, or 5 Comment fields in owProductDetail.asp...
CVE-2005-1313
Cross-site scripting XSS vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title...
CVE-2005-0981
Multiple cross-site scripting XSS vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 payment or 2 send parameter...
CVE-2005-0934
Multiple cross-site scripting XSS vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2005-1356
Cross-site scripting XSS vulnerability in includer.cgi script in The Includer allows remote attackers to inject arbitrary web script or HTML via the argument...
CVE-2005-1309
Cross-site scripting XSS vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the 1 entry title field or 2 comment body text...
CVE-2005-1292
Multiple cross-site scripting XSS vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to 1 tellAFriend.asp or 2 addToWishlist.asp, redirect parameter to 3 access.asp or 4 login.asp, message parameter to 5 login.asp or 6...
CVE-2005-1285
Cross-site scripting XSS vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter...
egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the 1 abid, 2 page, 3 type, or 4 lang parameter to index.php or 5 categoryid parameter. Multiple SQL injection vulnerabilities in index.php in...
CVE-2005-1189
Cross-site scripting XSS vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites...
CVE-2005-1172
Cross-site scripting XSS vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter...
CVE-2005-1116
Cross-site scripting XSS vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendarscheduler.php...
CVE-2005-1130
Cross-site scripting XSS vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter...
CVE-2004-0534
Cross-site scripting XSS vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document...
CVE-2005-1145
NOTE: this issue has been disputed by the vendor. Cross-site scripting XSS vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146...