CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2006(Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2006-0241 XSS 2006-01-18 2018-10-19
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field.
1252 CVE-2006-0239 XSS 2006-01-18 2018-10-19
5.8
None Remote Medium Not required Partial Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts.
1253 CVE-2006-0237 XSS 2006-01-18 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
1254 CVE-2006-0233 79 XSS 2006-01-18 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.
1255 CVE-2006-0222 XSS 2006-01-16 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.
1256 CVE-2006-0220 Sql XSS 2006-01-16 2018-10-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
1257 CVE-2006-0217 XSS 2006-01-16 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.
1258 CVE-2006-0215 XSS 2006-01-16 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216.
1259 CVE-2006-0211 XSS 2006-01-14 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter.
1260 CVE-2006-0210 XSS 2006-01-14 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page.
1261 CVE-2006-0208 79 XSS 2006-01-13 2018-10-30
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
1262 CVE-2006-0204 XSS 2006-01-13 2018-10-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts.
1263 CVE-2006-0198 XSS 2006-01-13 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.
1264 CVE-2006-0195 XSS 2006-02-24 2017-10-11
4.3
None Remote Medium Not required None Partial None
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
1265 CVE-2006-0194 XSS 2006-01-13 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.
1266 CVE-2006-0193 XSS 2006-01-13 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.
1267 CVE-2006-0188 XSS 2006-02-24 2017-10-11
4.3
None Remote Medium Not required None Partial None
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
1268 CVE-2006-0185 XSS 2006-01-12 2011-03-08
5.0
None Remote Low Not required None Partial None
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
1269 CVE-2006-0180 XSS 2006-01-12 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags.
1270 CVE-2006-0175 79 XSS 2006-01-11 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
1271 CVE-2006-0172 XSS 2006-01-11 2018-10-19
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting.
1272 CVE-2006-0168 XSS 2006-01-11 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page.
1273 CVE-2006-0165 XSS 2006-01-11 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form.
1274 CVE-2006-0156 XSS 2006-01-10 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php.
1275 CVE-2006-0155 XSS 2006-01-10 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI.
1276 CVE-2006-0152 XSS 2006-01-10 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
1277 CVE-2006-0149 XSS 2006-01-09 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field.
1278 CVE-2006-0142 XSS 2006-01-09 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
1279 CVE-2006-0140 79 XSS 2006-01-09 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags.
1280 CVE-2006-0136 XSS 2006-01-09 2018-10-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters.
1281 CVE-2006-0134 XSS 2006-01-09 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter.
1282 CVE-2006-0124 XSS 2006-01-09 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field.
1283 CVE-2006-0122 XSS 2006-01-09 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.
1284 CVE-2006-0116 XSS 2006-01-09 2018-10-19
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter.
1285 CVE-2006-0112 XSS 2006-01-07 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
1286 CVE-2006-0111 XSS 2006-01-07 2017-07-20
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter.
1287 CVE-2006-0110 XSS 2006-01-07 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter.
1288 CVE-2006-0109 XSS 2006-01-07 2011-03-08
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
1289 CVE-2006-0102 XSS 2006-01-06 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.
1290 CVE-2006-0101 79 XSS 2006-01-06 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php.
1291 CVE-2006-0093 XSS 2006-01-05 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
1292 CVE-2006-0091 XSS 2006-01-05 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline.
1293 CVE-2006-0086 XSS 2006-01-05 2011-03-08
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter.
1294 CVE-2006-0084 XSS 2006-01-05 2011-03-08
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header).
1295 CVE-2006-0080 XSS 2006-01-04 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.
1296 CVE-2006-0078 XSS 2006-01-04 2018-10-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php.
1297 CVE-2006-0073 XSS 2006-01-04 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
1298 CVE-2006-0070 XSS 2006-01-04 2018-10-19
4.3
None Remote Medium Not required None Partial None
** DISPUTED ** Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE.
1299 CVE-2006-0069 XSS 2006-01-03 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.
1300 CVE-2006-0063 79 XSS 2006-01-05 2011-03-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.
Total number of vulnerabilities : 1302   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 (This Page)27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.