Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2006-06-12 CVE-2006-2951 Cross-Site Scripting vulnerability in Npds 4.8/5.0
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php.
network
npds CWE-79
6.8
2006-06-05 CVE-2006-2816 Cross-Site Scripting vulnerability in Coolphp Magazine
Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters.
network
coolphp CWE-79
4.3
2006-06-05 CVE-2006-2815 Cross-Site Scripting vulnerability in TWO Shoes Mambo Factory Simpleboard 1.1.0Stable
Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post new topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel.
6.8
2006-06-03 CVE-2006-2803 Cross-Site Scripting vulnerability in Deltascripts PHP Manualmaker 1.0
Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to index.php, (2) search field (possibly the s parameter), or (3) comment field.
6.8
2006-06-03 CVE-2006-2800 Cross-Site Scripting vulnerability in Unak CMS
Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters.
network
unak CWE-79
6.8
2006-06-03 CVE-2006-2796 Cross-Site Scripting vulnerability in New-Place Captivate 1.0
Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message.
network
new-place CWE-79
6.8
2006-06-02 CVE-2006-2783 Cross-Site Scripting vulnerability in Mozilla Firefox and Thunderbird
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
network
mozilla CWE-79
4.3
2006-05-30 CVE-2006-2669 Cross-Site Scripting vulnerability in Preprojects.Com PRE Shopping Mall 1.0
Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) cid parameter in products.php.
4.3
2006-05-30 CVE-2006-2663 Cross-Site Scripting vulnerability in Ifusionservices Iflance 1.1
Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php.
4.3
2006-05-30 CVE-2006-2649 Cross-Site Scripting vulnerability in Cosmicphp Cosmicshoppingcart
Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.
network
cosmicphp CWE-79
6.8