Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-29 | CVE-2006-6162 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.6 Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. | 4.3 |
2006-11-28 | CVE-2006-6159 | Cross-Site Scripting vulnerability in Deskpro 2.0.0/2.0.1 Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter. | 6.8 |
2006-11-26 | CVE-2006-6108 | Cross-Site Scripting vulnerability in Ec-Cube 1.0 Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2006-11-24 | CVE-2006-6096 | Cross-Site Scripting vulnerability in Dotnetindex Active News Manager Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2006-11-22 | CVE-2006-6046 | Cross-Site Scripting vulnerability in Epic Designs Eggblog 3.1.0 Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php. | 6.8 |
2006-11-22 | CVE-2006-6037 | Cross-Site Scripting vulnerability in Leinir Travelsized CMS Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter. | 6.8 |
2006-11-22 | CVE-2006-6035 | Cross-Site Scripting vulnerability in F-Art Agency Blog CMS Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. | 6.8 |
2006-11-10 | CVE-2006-5847 | Cross-Site Scripting vulnerability in Freewebshop Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 4.3 |
2006-11-04 | CVE-2006-5703 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.5 Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. | 4.3 |
2006-10-27 | CVE-2006-5560 | Cross-Site Scripting vulnerability in Boesch It-Consulting Progsys Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. | 4.3 |