Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-29 | CVE-2006-6824 | Cross-Site Scripting vulnerability in PHP Icalendar PHP Icalendar Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. | 4.3 |
| 2006-12-27 | CVE-2006-6746 | Cross-Site Scripting vulnerability in Dreaxteam Xt-News 0.1 Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php. | 4.3 |
| 2006-12-26 | CVE-2006-6734 | Cross-Site Scripting vulnerability in Obie Website Mini web Shop 2.1.C Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter. | 4.3 |
| 2006-12-26 | CVE-2006-6733 | Cross-Site Scripting vulnerability in Osticket STS 1.2.7/1.3Beta Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter. | 4.3 |
| 2006-12-26 | CVE-2006-6729 | Cross-Site Scripting vulnerability in A-Blog Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2006-12-21 | CVE-2006-6687 | Cross-Site Scripting vulnerability in Web-App.Net Webapp 0.9.9.3.4/0.9.9.4 Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2006-12-10 | CVE-2006-6451 | Cross-Site Scripting vulnerability in Swsoft Plesk 7.5 Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. | 6.8 |
| 2006-12-10 | CVE-2006-6401 | Cross-Site Scripting vulnerability in Mystats Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) details parameter. | 6.8 |
| 2006-12-07 | CVE-2006-6359 | Cross-Site Scripting vulnerability in Stefan Frech Online-Bookmarks 0.6.12 Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
| 2006-11-29 | CVE-2006-6163 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. | 4.3 |