Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4876 | Cross-Site Scripting vulnerability in Ignite Realtime Openfire 2.2.2 Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877. | 4.3 |
| 2005-12-31 | CVE-2005-4658 | Cross-Site Scripting vulnerability in Iisworks Aspknowledgebase Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | 6.8 |
| 2005-12-29 | CVE-2005-4583 | Cross-Site Scripting vulnerability in VMWare ESX Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | 4.3 |
| 2005-12-22 | CVE-2005-4491 | Cross-Site Scripting vulnerability in Sitekit Solutions Sitekit CMS Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. | 4.3 |
| 2005-12-22 | CVE-2005-4485 | Cross-Site Scripting vulnerability in Iatek Projectapp Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp. | 4.3 |
| 2005-12-20 | CVE-2005-4386 | Cross-Site Scripting vulnerability in Colony products Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 4.3 |
| 2005-12-14 | CVE-2005-4247 | Cross-Site Scripting vulnerability in Plogger Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | 4.3 |
| 2005-12-14 | CVE-2005-4245 | Cross-Site Scripting vulnerability in Snipegallery Snipe Gallery Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 4.3 |
| 2005-12-13 | CVE-2005-4190 | Cross-Site Scripting vulnerability in Horde Application Framework Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. | 3.5 |
| 2005-12-07 | CVE-2005-4060 | Cross-Site Scripting vulnerability in Rainworx Rwauction PRO 4.0/5.0 Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. | 4.3 |