Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-19 | CVE-2006-3061 | Cross-Site Scripting vulnerability in Review-Script.Com Five Star Review Script Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php. | 2.6 |
| 2006-06-16 | CVE-2006-3047 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
| 2006-06-13 | CVE-2006-1193 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2000 Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." | 2.6 |
| 2006-06-13 | CVE-2006-2994 | Cross-Site Scripting vulnerability in Christian Becher Phazizguestbook 2.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) url fields, and (4) text field (content parameter). | 5.8 |
| 2006-06-12 | CVE-2006-2951 | Cross-Site Scripting vulnerability in Npds 4.8/5.0 Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php. | 6.8 |
| 2006-06-05 | CVE-2006-2816 | Cross-Site Scripting vulnerability in Coolphp Magazine Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. | 4.3 |
| 2006-06-05 | CVE-2006-2815 | Cross-Site Scripting vulnerability in TWO Shoes Mambo Factory Simpleboard 1.1.0Stable Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel. | 6.8 |
| 2006-06-03 | CVE-2006-2803 | Cross-Site Scripting vulnerability in Deltascripts PHP Manualmaker 1.0 Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) id parameter to index.php, (2) search field (possibly the s parameter), or (3) comment field. | 6.8 |
| 2006-06-03 | CVE-2006-2800 | Cross-Site Scripting vulnerability in Unak CMS Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. | 6.8 |
| 2006-06-03 | CVE-2006-2796 | Cross-Site Scripting vulnerability in New-Place Captivate 1.0 Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. | 6.8 |