CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2006(Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2006-1818 XSS 2006-04-18 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure.
902 CVE-2006-1815 XSS 2006-04-18 2017-07-20
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than CVE-2006-1768. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
903 CVE-2006-1810 XSS 2006-04-18 2018-10-18
1.9
None Local Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile.
904 CVE-2006-1808 XSS 2006-04-18 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation.
905 CVE-2006-1806 XSS 2006-04-18 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.
906 CVE-2006-1803 XSS 2006-04-18 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.
907 CVE-2006-1802 XSS 2006-04-18 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter.
908 CVE-2006-1801 XSS 2006-04-18 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter.
909 CVE-2006-1796 XSS 2006-04-17 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
910 CVE-2006-1795 XSS 2006-04-17 2011-03-08
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.
911 CVE-2006-1791 XSS Dir. Trav. 2006-04-14 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails.
912 CVE-2006-1786 XSS 2006-04-13 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.
913 CVE-2006-1783 XSS 2006-04-13 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI.
914 CVE-2006-1779 XSS 2006-04-13 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter.
915 CVE-2006-1775 XSS 2006-04-13 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.
916 CVE-2006-1769 XSS 2006-04-13 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$.
917 CVE-2006-1768 XSS 2006-04-13 2018-10-18
5.1
None Remote High Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2) newuser_email, and (3) newuser_hp parameters in the faction=register mode in index.php.
918 CVE-2006-1765 XSS 2006-04-13 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
919 CVE-2006-1762 XSS Dir. Trav. 2006-04-13 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values.
920 CVE-2006-1761 XSS 2006-04-13 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name.
921 CVE-2006-1760 79 XSS 2006-04-13 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php.
922 CVE-2006-1759 XSS 2006-04-13 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter.
923 CVE-2006-1757 XSS 2006-04-13 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
924 CVE-2006-1752 XSS 2006-04-12 2017-07-20
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment.
925 CVE-2006-1750 79 XSS 2006-04-12 2017-07-20
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters.
926 CVE-2006-1748 XSS 2006-04-12 2021-04-29
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript.
927 CVE-2006-1745 XSS 2006-04-12 2011-03-08
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
928 CVE-2006-1741 79 XSS 2006-04-14 2018-10-18
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
929 CVE-2006-1732 XSS Bypass 2006-04-14 2018-10-18
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
930 CVE-2006-1731 79 XSS 2006-04-14 2018-10-18
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
931 CVE-2006-1722 XSS 2006-04-11 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter.
932 CVE-2006-1720 Sql XSS 2006-04-11 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection.
933 CVE-2006-1717 XSS 2006-04-11 2018-10-18
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.
934 CVE-2006-1716 XSS 2006-04-11 2018-10-18
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.
935 CVE-2006-1713 XSS 2006-04-11 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
936 CVE-2006-1712 XSS 2006-04-11 2011-03-08
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
937 CVE-2006-1709 XSS 2006-04-11 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.
938 CVE-2006-1701 XSS 2006-04-11 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.
939 CVE-2006-1699 XSS 2006-04-11 2017-07-20
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode.
940 CVE-2006-1698 XSS 2006-04-11 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.
941 CVE-2006-1697 XSS 2006-04-11 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
942 CVE-2006-1696 XSS 2006-04-11 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
943 CVE-2006-1690 XSS 2006-04-11 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter.
944 CVE-2006-1687 XSS 2006-04-11 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality.
945 CVE-2006-1682 XSS 2006-04-11 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.
946 CVE-2006-1681 XSS 2006-04-11 2020-12-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
947 CVE-2006-1679 XSS 2006-04-11 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php.
948 CVE-2006-1678 XSS 2006-04-11 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
949 CVE-2006-1675 XSS 2006-04-10 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674.
950 CVE-2006-1674 XSS 2006-04-10 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675.
Total number of vulnerabilities : 1302   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (This Page)20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.