CVE-2006-1660

Cross-site scripting XSS vulnerability in imagedesc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

CVE-2006-1498

Cross-site scripting XSS vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links...

CoMoblog 1.0 - 'Img.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/17201/info CoMoblog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of ...

CVE-2006-1295

Cross-site scripting XSS vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter...

PT-2006-2218 · Textfilebb · Textfilebb

Name of the Vulnerable Software and Affected Versions: textfileBB versions 1.0 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the mess and user parameters in "messanger.php", possibly requiring a URL encoded value. Recommendations: For...

CVE-2006-0149

Cross-site scripting XSS vulnerability in SimpBook 1.0, with htmlenable on the default, allows remote attackers to inject arbitrary web script or HTML via the message field...

CVE-2005-4494

Cross-site scripting XSS vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 spiplogin.php3 and 2 spippass.php3...

CVE-2005-3352

Cross-site scripting XSS vulnerability in the modimap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...

PT-2005-4860 · Milliscripts · Milliscripts

Name of the Vulnerable Software and Affected Versions: MilliScripts version 1.4 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the domainname parameter to "register.php", and other unspecified vectors. The vendor has disputed this issue, stating that no...

CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

CVE-2005-3787

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via 1 the cookie-based login panel, 2 the title parameter and 3 the table creation dialog...

CVE-2005-3688

Cross-site scripting XSS vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page...

Zeroboard < 4.1pl5 Multiple Vulnerabilities - Active Check

Zeroboard is prone to arbitrary PHP code execution and cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Brooky CubeCart index.php language XSS

The remote host runs CubeCart, is an eCommerce script written with PHP & MySQL. This version is vulnerable to cross-site scripting and remote script injection due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to execute malicious scri...

Zeroboard flaws

The remote web server contains several PHP scripts that are prone to arbitrary PHP code execution and cross-site scripting attacks. Description : The remote host runs Zeroboard, a web BBS application popular in Korea. The remote version of this software is vulnerable to cross-site scripting and...

CVE-2005-3430

Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as 1 .unk, 2 .asa, and possibly 3 .htr and 4 .aspx, which are not filtered like the .asp extension...

CVE-2005-3301

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to 1 left.php, 2 queryframe.php, or 3 serverdatabases.php...

CVE-2005-3165

Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via 1 tags or 2 Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

CVE-2005-2860

Cross-site scripting XSS vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report...

Microsoft IIS 5.1 - WebDAV HTTP Request Source Code Disclosure

Microsoft IIS 5.1 - WebDAV HTTP Request Source Code Disclosure source: https://www.securityfocus.com/bid/14764/info Microsoft IIS is reportedly affected by a remote script source disclosure vulnerability. A successful attack causes the Web server to present the requested file as a plain text file...