Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-09-07 | CVE-2005-2818 | Cross-Site Scripting vulnerability in Eric Fichot Downfile 1.3 Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php. | 4.3 |
2005-08-01 | CVE-2005-2406 | Cross-site Scripting vulnerability in Opera Browser 8.01 Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI. | 4.3 |
2005-07-13 | CVE-2005-2254 | Cross-Site Scripting vulnerability in Gianluca Baldo PHPauction 2.5 Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. | 4.3 |
2005-06-17 | CVE-2005-2022 | Cross-Site Scripting vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. | 4.3 |
2005-06-16 | CVE-2005-1669 | Cross-site Scripting vulnerability in Opera Browser Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. | 6.8 |
2005-06-14 | CVE-2005-0563 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc
ript:") in an IMG tag. | 4.3 |
2005-05-31 | CVE-2005-1778 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.750 Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. | 2.6 |
2005-05-16 | CVE-2005-1619 | Cross-Site Scripting vulnerability in PHPheaven PHPmychat 0.14.5 Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. | 4.3 |
2005-05-11 | CVE-2005-1486 | Cross-Site Scripting vulnerability in Fishnet Fishcart 3.1 Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. | 5.0 |
2005-05-02 | CVE-2005-1006 | Cross-site Scripting vulnerability in Sonicwall Soho Firmware 5.1.7.0 Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | 4.3 |