CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2006(Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-0934 XSS 2006-02-28 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form.
2 CVE-2006-0933 XSS 2006-02-28 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
3 CVE-2006-0927 XSS 2006-02-28 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php.
4 CVE-2006-0924 XSS 2006-02-28 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5 CVE-2006-0923 XSS 2006-02-28 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.
6 CVE-2006-0896 79 XSS 2006-02-25 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.
7 CVE-2006-0894 XSS 2006-02-25 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php.
8 CVE-2006-0889 XSS 2006-02-25 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
9 CVE-2006-0886 XSS 2006-02-25 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10 CVE-2006-0885 XSS 2006-02-25 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.
11 CVE-2006-0880 XSS 2006-02-24 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters.
12 CVE-2006-0877 XSS 2006-02-24 2018-10-18
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable.
13 CVE-2006-0875 XSS 2006-02-24 2018-10-18
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.
14 CVE-2006-0860 79 XSS Bypass 2006-02-23 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors.
15 CVE-2006-0857 79 XSS 2006-02-23 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.
16 CVE-2006-0846 XSS 2006-02-22 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function.
17 CVE-2006-0842 79 XSS 2006-02-22 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
18 CVE-2006-0841 XSS 2006-02-22 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
19 CVE-2006-0833 XSS 2006-02-22 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
20 CVE-2006-0829 XSS 2006-02-21 2018-10-18
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote attackers to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is viewed by the administrator using "Click Log".
21 CVE-2006-0827 XSS 2006-02-21 2017-07-20
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
22 CVE-2006-0811 XSS 2006-02-21 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form.
23 CVE-2006-0810 Exec Code XSS 2006-02-21 2017-07-20
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection.
24 CVE-2006-0806 79 XSS 2006-02-21 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
25 CVE-2006-0802 XSS 2006-02-20 2017-07-20
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation.
26 CVE-2006-0800 79 XSS Bypass 2006-02-20 2017-07-20
2.6
None Remote High Not required None Partial None
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.
27 CVE-2006-0796 XSS 2006-02-19 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
28 CVE-2006-0792 XSS 2006-02-19 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
29 CVE-2006-0783 XSS 2006-02-19 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment).
30 CVE-2006-0780 XSS 2006-02-19 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters.
31 CVE-2006-0779 79 XSS 2006-02-19 2021-04-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag.
32 CVE-2006-0776 XSS 2006-02-19 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
33 CVE-2006-0773 XSS 2006-02-19 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function.
34 CVE-2006-0770 XSS 2006-02-18 2017-07-20
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
35 CVE-2006-0763 XSS 2006-02-18 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
36 CVE-2006-0758 XSS 2006-02-18 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.
37 CVE-2006-0735 XSS 2006-02-16 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
38 CVE-2006-0733 XSS 2006-02-16 2018-10-19
2.6
None Remote High Not required None Partial None
** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability.
39 CVE-2006-0726 XSS 2006-02-16 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.
40 CVE-2006-0715 XSS 2006-02-15 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.
41 CVE-2006-0706 79 XSS 2006-02-15 2020-02-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.
42 CVE-2006-0703 XSS 2006-02-15 2018-10-19
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.
43 CVE-2006-0699 XSS 2006-02-15 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter.
44 CVE-2006-0689 XSS 2006-02-15 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
45 CVE-2006-0683 XSS 2006-02-15 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.
46 CVE-2006-0682 XSS 2006-02-15 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
47 CVE-2006-0676 XSS 2006-02-13 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter.
48 CVE-2006-0675 XSS 2006-02-13 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
49 CVE-2006-0664 XSS 2006-02-13 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
50 CVE-2006-0663 79 XSS 2006-02-13 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java&#13;script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.
Total number of vulnerabilities : 90   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.