Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-16 | CVE-2006-2420 | Cross-Site Scripting vulnerability in Mozilla Bugzilla 2.20/2.21/2.21.1 Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as ">", which are automatically decoded by some RSS readers. | 4.3 |
2006-05-16 | CVE-2006-2417 | Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.1/2.8.0.2/2.8.0.3 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. | 4.3 |
2006-05-15 | CVE-2006-2351 | Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. | 4.3 |
2006-05-04 | CVE-2006-2181 | Cross-Site Scripting vulnerability in Albinator Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php. | 4.3 |
2006-05-04 | CVE-2006-2178 | Cross-Site Scripting vulnerability in Smartwin Technology Cyberoffice Warehouse Builder Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. | 5.8 |
2006-04-29 | CVE-2006-2084 | Cross-Site Scripting vulnerability in Farsinews 2.1/2.1Beta2/2.5 Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php. | 4.3 |
2006-04-27 | CVE-2006-2066 | Cross-Site Scripting vulnerability in Mkportal 1.1Rc1 Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters. | 4.3 |
2006-04-25 | CVE-2006-2016 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. | 2.6 |
2006-04-20 | CVE-2006-1918 | Cross-Site Scripting vulnerability in Papoo 2.1.5 Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php. | 2.6 |
2006-04-20 | CVE-2006-1898 | Cross-Site Scripting vulnerability in Ralph Capper Tinyphpforum 3.6 Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. | 2.6 |