6660 matches found
CVE-2005-0818
CVE-2005-0818 affects PunBB 1.2.3. The vulnerability is a Cross-site Scripting (XSS) flaw where an attacker can inject arbitrary web script or HTML via the email or Jabber parameters in profile-related input. The connected sources confirm PunBB 1.2.3 as the affected software and specify the vulne...
CVE-2005-0509
Multiple cross-site scripting XSS vulnerabilities in the Mono 1.0.5 implementation of ASP.NET .Net allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including "" and ""...
CVE-2003-1100
Multiple cross-site scripting XSS vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors...
CVE-2005-0549
Cross-site scripting XSS vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function...
CVE-2005-0660
CVE-2005-0660 affects D-Forum 1.11 with multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary script/HTML via certain fields, demonstrated using the page parameter in nav.php3. NVD notes network attack vector, medium complexity, no authenticati...
CVE-2005-0656
CVE-2005-0656 affects auraCMS 1.5 with multiple XSS vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML through (1) hits.php via the hits parameter, (2) index.php via an unspecified query parameter, and (3) counter.php via the theCount parameter. The NVD entr...
CVE-2005-0650
CVE-2005-0650 : Multiple cross-site scripting vulnerabilities in ProjectBB 0.4.5.1 allow remote injection of arbitrary script/HTML. Affected vectors include (1) the pages parameter to divers.php, (2) the search feature text area, (3) forum name, (4) site name, or (5) the maximum avatar size in th...
CVE-2004-1746
The CVE-2004-1746 entry describes a Cross-site scripting (XSS) vulnerability in PHP Code Snippet Library’s index.php, exploitable via the cat_select and show parameters. The underlying issue is inadequate input sanitization in index.php, allowing remote attackers to inject arbitrary JavaScript in...
CVE-2004-1730
CVE-2004-1730 is an XSS vulnerability in the Mantis bugtracker. The issue allows remote attackers to inject arbitrary script/HTML via four vectors: (1) the return parameter to login_page.php, (2) the e-mail field in signup.php, (3) the action parameter to login_select_proj_page.php, and (4) the h...
CVE-2004-1738
Cross-site scripting XSS vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter...
CVE-2005-0543
Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...
CVE-2005-0514
Cross-site scripting XSS vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters...
CVE-2004-1559
Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...
CVE-2004-1659
Cross-site scripting XSS vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter...
CVE-2004-1559
Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...
CVE-2005-0477
The CVE-2005-0477 entry describes a Cross-site scripting (XSS) vulnerability in the SML code of Invision Power Board 1.3.1 FINAL. The issue can be triggered by crafted content in (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:u...
CVE-2005-0480
CVE-2005-0480 is a cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier. The issue arises from accepting a login request that is recorded in a log file but not properly sanitized when an administrator views the log, allowing remote attackers to inject arbitrary HTML or web scri...
CVE-2005-0495
Cross-site scripting XSS vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the 1 sn1, 2 year, or 3 page parameter to zboard.php or 4 filename to viewimage.php...
CVE-2005-0434
Multiple cross-site scripting XSS vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via 1 the newdownloadshowdays parameter in a NewDownloads operation or 2 the newlinkshowdays parameter in a NewLinks operation...
CVE-2005-0434
Multiple cross-site scripting XSS vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via 1 the newdownloadshowdays parameter in a NewDownloads operation or 2 the newlinkshowdays parameter in a NewLinks operation...