Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-04-18 | CVE-2006-1826 | Cross-Site Scripting vulnerability in Snipegallery Snipe Gallery | Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. | 4.3 |
2006-04-14 | CVE-2006-1741 | Cross-Site Scripting vulnerability in multiple products | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | 4.3 |
2006-04-14 | CVE-2006-1731 | Cross-Site Scripting vulnerability in Mozilla products | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | 4.3 |
2006-04-13 | CVE-2006-1760 | Cross-Site Scripting vulnerability in Jetphotosoft.Com Jetphoto 1.0/2.0/2.1 | Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. | 4.3 |
2006-04-12 | CVE-2006-1750 | Cross-Site Scripting vulnerability in JMB Software Autogallery 0.41 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters. | 2.6 |
2006-04-10 | CVE-2006-0996 | Cross-Site Scripting vulnerability in PHP 4.4.2/5.1.2 | Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. | 4.3 |
2006-03-28 | CVE-2006-1417 | Cross-Site Scripting vulnerability in Caloris Planitia Technologies web Quiz PRO 1.0 | Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp. | 4.3 |
2006-03-14 | CVE-2006-1230 | Cross-Site Scripting vulnerability in Belchior Foundry Vcard 2.6/2.8/2.9 | Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. | 4.3 |
2006-03-01 | CVE-2006-0938 | Cross-Site Scripting vulnerability in EZ Publish | Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter. | 4.3 |
2006-02-25 | CVE-2006-0896 | Cross-Site Scripting vulnerability in Simple Machines Simple Machines Forum 1.0.6 | Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field. | 4.3 |