Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2006-08-10 CVE-2006-4067 Cross-Site Scripting vulnerability in Cakefoundation Cakephp
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. 		4.3
4.3
2006-08-09 CVE-2006-4038 Cross-Site Scripting vulnerability in Chaossoft Gaestechaos
Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.
network
chaossoft CWE-79
4.3
4.3
2006-08-09 CVE-2006-3643 Cross-Site Scripting vulnerability in Microsoft IE and Internet Explorer
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
network
microsoft CWE-79
6.0
6.0
2006-07-28 CVE-2006-3924 Cross-Site Scripting vulnerability in Dokeos
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
dokeos CWE-79
4.3
4.3
2006-07-21 CVE-2006-3761 Cross-Site Scripting vulnerability in Mybulletinboard
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". 		4.3
4.3
2006-07-21 CVE-2006-3756 Cross-Site Scripting vulnerability in Geeklog 1.3.11/1.4.0
Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).
network
geeklog CWE-79
4.3
4.3
2006-07-13 CVE-2006-3579 Cross-Site Scripting vulnerability in Fujitsu Serverview
Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
fujitsu CWE-79
4.3
4.3
2006-07-13 CVE-2006-3571 Cross-Site Scripting vulnerability in Papoo 2.1.2/2.1.5/3.0.0Rc3
Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.
network
high complexity
papoo CWE-79
2.6
2.6
2006-07-13 CVE-2006-3539 Cross-Site Scripting vulnerability in Dkscript Dragons Kingdom Script 1.0
Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies.
network
dkscript CWE-79
4.3
4.3
2006-07-10 CVE-2006-3494 Cross-Site Scripting vulnerability in Vastal I-Tech Buddy Zone
Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php. 		6.8
6.8