Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-01-13 | CVE-2006-0208 | Cross-Site Scripting vulnerability in PHP Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | 2.6 |
| 2006-01-11 | CVE-2006-0175 | Cross-Site Scripting vulnerability in Webwiz web WIZ Forums 6.34 Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
| 2006-01-09 | CVE-2006-0140 | Cross-Site Scripting vulnerability in Navboard 16/17 Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags. | 4.3 |
| 2006-01-06 | CVE-2006-0101 | Cross-Site Scripting vulnerability in Sblog Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php. | 4.3 |
| 2006-01-05 | CVE-2006-0063 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.19 Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. | 4.3 |
| 2005-12-31 | CVE-2005-4877 | Cross-Site Scripting vulnerability in Ignite Realtime Openfire 2.3.0 Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876. | 4.3 |
| 2005-12-31 | CVE-2005-4876 | Cross-Site Scripting vulnerability in Ignite Realtime Openfire 2.2.2 Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877. | 4.3 |
| 2005-12-31 | CVE-2005-4658 | Cross-Site Scripting vulnerability in Iisworks Aspknowledgebase Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | 6.8 |
| 2005-12-29 | CVE-2005-4583 | Cross-Site Scripting vulnerability in VMWare ESX Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | 4.3 |
| 2005-12-22 | CVE-2005-4491 | Cross-Site Scripting vulnerability in Sitekit Solutions Sitekit CMS Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. | 4.3 |