Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-12 | CVE-2006-1750 | Cross-Site Scripting vulnerability in JMB Software Autogallery 0.41 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters. | 2.6 |
| 2006-04-10 | CVE-2006-0996 | Cross-Site Scripting vulnerability in PHP 4.4.2/5.1.2 Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. | 4.3 |
| 2006-03-28 | CVE-2006-1417 | Cross-Site Scripting vulnerability in Caloris Planitia Technologies web Quiz PRO 1.0 Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp. | 4.3 |
| 2006-03-14 | CVE-2006-1230 | Cross-Site Scripting vulnerability in Belchior Foundry Vcard 2.6/2.8/2.9 Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. | 4.3 |
| 2006-03-01 | CVE-2006-0938 | Cross-Site Scripting vulnerability in EZ Publish Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter. | 4.3 |
| 2006-02-25 | CVE-2006-0896 | Cross-Site Scripting vulnerability in Simple Machines Simple Machines Forum 1.0.6 Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field. | 4.3 |
| 2006-02-23 | CVE-2006-0860 | Cross-Site Scripting vulnerability in Michael Salzer Guestbox 0.6 Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors. | 4.3 |
| 2006-02-23 | CVE-2006-0857 | Cross-Site Scripting vulnerability in E107 Chatbox Plugin and E107 Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. | 4.3 |
| 2006-02-22 | CVE-2006-0842 | Cross-Site Scripting vulnerability in Calacode Atmail Webmail System 4.3 Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 |
| 2006-02-21 | CVE-2006-0806 | Cross-Site Scripting vulnerability in John LIM Adodb Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF. | 4.3 |