Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2006-07-28 CVE-2006-3924 Cross-Site Scripting vulnerability in Dokeos
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
dokeos CWE-79
4.3
4.3
2006-07-21 CVE-2006-3761 Cross-Site Scripting vulnerability in Mybulletinboard
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". 		4.3
4.3
2006-07-21 CVE-2006-3756 Cross-Site Scripting vulnerability in Geeklog 1.3.11/1.4.0
Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).
network
geeklog CWE-79
4.3
4.3
2006-07-13 CVE-2006-3579 Cross-Site Scripting vulnerability in Fujitsu Serverview
Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
fujitsu CWE-79
4.3
4.3
2006-07-13 CVE-2006-3571 Cross-Site Scripting vulnerability in Papoo 2.1.2/2.1.5/3.0.0Rc3
Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.
network
high complexity
papoo CWE-79
2.6
2.6
2006-07-13 CVE-2006-3539 Cross-Site Scripting vulnerability in Dkscript Dragons Kingdom Script 1.0
Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies.
network
dkscript CWE-79
4.3
4.3
2006-07-10 CVE-2006-3494 Cross-Site Scripting vulnerability in Vastal I-Tech Buddy Zone
Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php. 		6.8
6.8
2006-06-29 CVE-2006-3306 Cross-Site Scripting vulnerability in Zoid Technologies Project Eros Bbsengine 20060223/20060429
Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors. 		4.3
4.3
2006-06-22 CVE-2006-3138 Cross-Site Scripting vulnerability in Accomplishtechnology PHPmydirectory
Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php. 		4.3
4.3
2006-06-19 CVE-2006-3087 Cross-Site Scripting vulnerability in Ezgallery
Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) aname, (8) uid, (9) m, (10) gp, and (11) g parameter in (b) common/pupload.asp; and (12) msg, (13) fn and (14) gp parameter in (c) common/upload.asp.
network
ezgallery CWE-79
4.3
4.3