Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-11-22 | CVE-2006-6046 | Cross-Site Scripting vulnerability in Epic Designs Eggblog 3.1.0 Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php. | 6.8 |
| 2006-11-22 | CVE-2006-6037 | Cross-Site Scripting vulnerability in Leinir Travelsized CMS Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter. | 6.8 |
| 2006-11-22 | CVE-2006-6035 | Cross-Site Scripting vulnerability in F-Art Agency Blog CMS Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. | 6.8 |
| 2006-11-10 | CVE-2006-5847 | Cross-Site Scripting vulnerability in Freewebshop Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 4.3 |
| 2006-11-04 | CVE-2006-5703 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.5 Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. | 4.3 |
| 2006-10-27 | CVE-2006-5560 | Cross-Site Scripting vulnerability in Boesch It-Consulting Progsys Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. | 4.3 |
| 2006-10-26 | CVE-2006-5534 | Cross-Site Scripting vulnerability in Zwahlen Informatik Online Shop Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. | 4.3 |
| 2006-10-26 | CVE-2006-5530 | Cross-Site Scripting vulnerability in Boesch It-Consulting Simpnews 2.0.1/2.13/2.30 Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. | 4.3 |
| 2006-10-24 | CVE-2006-5486 | Cross-Site Scripting vulnerability in SUN products Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages. | 4.3 |
| 2006-10-23 | CVE-2006-5451 | Cross-Site Scripting vulnerability in Torrentflux 2.1 Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227. | 2.6 |