Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2006-10-26	CVE-2006-5534	Cross-Site Scripting vulnerability in Zwahlen Informatik Online Shop Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. network zwahlen-informatik CWE-79	4.3
2006-10-26	CVE-2006-5530	Cross-Site Scripting vulnerability in Boesch It-Consulting Simpnews 2.0.1/2.13/2.30 Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. network boesch-it-consulting CWE-79	4.3
2006-10-24	CVE-2006-5486	Cross-Site Scripting vulnerability in SUN products Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages. network sun CWE-79	4.3
2006-10-23	CVE-2006-5451	Cross-Site Scripting vulnerability in Torrentflux 2.1 Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227. network high complexity torrentflux CWE-79	2.6
2006-10-17	CVE-2006-5330	Cross-Site Scripting vulnerability in Adobe Flash Player CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. network low complexity adobe CWE-79	5.0
2006-10-12	CVE-2006-5239	Cross-Site Scripting vulnerability in Expblog Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_details.php. network expblog CWE-79	4.3
2006-10-10	CVE-2006-5168	Cross-Site Scripting vulnerability in Simon Brown Pebble 2.0.0 Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string. network simon-brown CWE-79	4.3
2006-10-03	CVE-2006-5119	Cross-Site Scripting vulnerability in ZEN Cart ZEN Cart 1.3.5 Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.php. network high complexity zen-cart CWE-79	4.0
2006-09-29	CVE-2006-5080	Cross-Site Scripting vulnerability in SIX Apart Movable Type Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network six-apart CWE-79	4.3
2006-09-26	CVE-2006-4985	Cross-Site Scripting vulnerability in Grayscale Bandsite CMS 1.1 Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/includes/mailinglist/sendemail.php, (3) the this_year parameter in includes/footer.php, and the band parameter in (4) adminpanel/includes/helpfiles/help_news.php (5) adminpanel/includes/helpfiles/help_merch.php, (6) adminpanel/includes/header.php, and (7) adminpanel/login_header.php; and includes/content/ files including (8) bio_content.php, (9) gbook_content.php, (10) interview_content.php, (11) links_content.php, (12) lyrics_content.php, (13) member_content.php, (14) merch_content.php, (15) mp3_content.php, (16) news_content.php, (17) pastshows_content.php, (18) photo_content.php, (19) releases_content.php, (20) reviews_content.php, (21) shows_content.php, and (22) signgbook_content.php. network grayscale CWE-79	4.3