Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2006-02-23 | CVE-2006-0860 | Cross-Site Scripting vulnerability in Michael Salzer Guestbox 0.6 | Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors. | | 4.3 |
| 2006-02-23 | CVE-2006-0857 | Cross-Site Scripting vulnerability in E107 Chatbox Plugin and E107 | Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. | network, e107, CWE-79 | 4.3 |
| 2006-02-22 | CVE-2006-0842 | Cross-Site Scripting vulnerability in Calacode Atmail Webmail System 4.3 | Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | network, calacode, CWE-79 | 4.3 |
| 2006-02-21 | CVE-2006-0806 | Cross-Site Scripting vulnerability in John LIM Adodb | Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF. | network, john-lim, CWE-79 | 4.3 |
| 2006-02-20 | CVE-2006-0800 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke | Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php. | network, high complexity, postnuke-software-foundation, CWE-79 | 2.6 |
| 2006-02-19 | CVE-2006-0779 | Cross-Site Scripting vulnerability in XMB Forum XMB | Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. | network, xmb-forum, CWE-79 | 4.3 |
| 2006-02-15 | CVE-2006-0706 | Cross-Site Scripting vulnerability in Gastebuch | Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter. | network, gastebuch, CWE-79 | 4.3 |
| 2006-02-13 | CVE-2006-0663 | Cross-Site Scripting vulnerability in IBM Lotus Domino Inotes Client 6.5.4/7.0 | Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java&#13;script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. | network, ibm, CWE-79 | 4.3 |
| 2006-02-08 | CVE-2006-0603 | Cross-Site Scripting vulnerability in Hinton Design PHPhg Guestbook 1.2 | Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter. | network, low complexity, hinton-design, CWE-79 | 6.4 |
| 2006-02-04 | CVE-2006-0535 | Cross-Site Scripting vulnerability in Communityserver.Org Community Server | Multiple cross-site scripting (XSS) vulnerabilities in Community Server allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | | 4.3 |