Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-05 | CVE-2006-4542 | Cross-Site Scripting vulnerability in multiple products Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. | 6.8 |
2006-08-23 | CVE-2006-4308 | Cross-Site Scripting vulnerability in Blackboard products Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. | 4.3 |
2006-08-23 | CVE-2006-4299 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4 Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | 4.3 |
2006-08-10 | CVE-2006-4067 | Cross-Site Scripting vulnerability in Cakefoundation Cakephp Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. | 4.3 |
2006-08-09 | CVE-2006-4038 | Cross-Site Scripting vulnerability in Chaossoft Gaestechaos Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters. | 4.3 |
2006-08-09 | CVE-2006-3643 | Cross-Site Scripting vulnerability in Microsoft IE and Internet Explorer Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." | 6.0 |
2006-07-28 | CVE-2006-3924 | Cross-Site Scripting vulnerability in Dokeos Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-07-21 | CVE-2006-3761 | Cross-Site Scripting vulnerability in Mybulletinboard Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". | 4.3 |
2006-07-21 | CVE-2006-3756 | Cross-Site Scripting vulnerability in Geeklog 1.3.11/1.4.0 Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6). | 4.3 |
2006-07-13 | CVE-2006-3579 | Cross-Site Scripting vulnerability in Fujitsu Serverview Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |