377 matches found
CVE-2006-2365
Cross-site scripting XSS vulnerability in alogin.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2006-2146
Multiple cross-site scripting XSS vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the 1 postername, 2 posteremail, 3 posterhomepage, or 4 message parameter...
CVE-2006-1977
Cross-site scripting XSS vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 name and 2 message parameters...
Cross site scripting
Cross-site scripting XSS vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality...
CVE-2006-1660
Cross-site scripting XSS vulnerability in imagedesc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
PT-2006-2108 · Game Panel · Game-Panel
Name of the Vulnerable Software and Affected Versions: Game-Panel versions 2.6.1 and earlier Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the message parameter in the login.php file. This may require a URL encoded value...
CVE-2005-2610
Cross-site scripting XSS vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2002-2021
Cross-site scripting XSS vulnerability in WoltLab Burning Board wbboard 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2005-2191
Multiple cross-site scripting XSS vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter to comersusbackofficelistAssignedPricesToCustomer.asp or 2 message parameter to comersusbackofficemessage.asp...
CVE-2005-1292
Multiple cross-site scripting XSS vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to 1 tellAFriend.asp or 2 addToWishlist.asp, redirect parameter to 3 access.asp or 4 login.asp, message parameter to 5 login.asp or 6...
CVE-2005-1292
Multiple cross-site scripting XSS vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to 1 tellAFriend.asp or 2 addToWishlist.asp, redirect parameter to 3 access.asp or 4 login.asp, message parameter to 5 login.asp or 6...
CVE-2004-2484
Cross-site scripting XSS vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to 1 event.php or 2 index.php...
CVE-2004-0314
Cross-site scripting XSS vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter...
CVE-2004-0681
Multiple cross-site scripting XSS vulnerabilities in 1 comersuscustomerAuthenticateForm.asp, 2 comersusbackofficemessage.asp, 3 comersussupportError.asp, or 4 comersusmessage.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter...
YaSoft Switch Off 2.3 - 'swnet.dll' Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/9340/info A vulnerability has been identified in the YaSoft Switch Off software package when handling message requests. The buffer overrun condition exists in the 'swnet.dll' module of the software due to insufficient bounds checking performed by the...
CVE-2003-0523
Cross-site scripting XSS vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter...
CVE-2002-1007
Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via 1 the courseid parameter in a link to login.pl, 2 the CTID parameter in ProcessInfo.cgi, or 3 the Message parameter in index.cgi...