Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-22 | CVE-2005-4485 | Cross-Site Scripting vulnerability in Iatek Projectapp Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp. | 4.3 |
2005-12-20 | CVE-2005-4386 | Cross-Site Scripting vulnerability in Colony products Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 4.3 |
2005-12-14 | CVE-2005-4247 | Cross-Site Scripting vulnerability in Plogger Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | 4.3 |
2005-12-14 | CVE-2005-4245 | Cross-Site Scripting vulnerability in Snipegallery Snipe Gallery Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 4.3 |
2005-12-13 | CVE-2005-4190 | Cross-Site Scripting vulnerability in Horde Application Framework Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. | 3.5 |
2005-12-07 | CVE-2005-4060 | Cross-Site Scripting vulnerability in Rainworx Rwauction PRO 4.0/5.0 Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. | 4.3 |
2005-12-01 | CVE-2005-3955 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php. | 4.3 |
2005-11-30 | CVE-2005-3908 | Cross-Site Scripting vulnerability in Amazon Shop Amazon Shop Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter. | 4.3 |
2005-11-22 | CVE-2005-3759 | Cross-Site Scripting vulnerability in Horde Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | 5.8 |
2005-11-20 | CVE-2005-3528 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.0/1.9.1/1.9.2 Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter. | 4.3 |