Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-06-17 | CVE-2005-2022 | Cross-Site Scripting vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. | 4.3 |
| 2005-06-16 | CVE-2005-1669 | Cross-site Scripting vulnerability in Opera Browser Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. | 6.8 |
| 2005-06-14 | CVE-2005-0563 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc
ript:") in an IMG tag. | 4.3 |
| 2005-05-31 | CVE-2005-1778 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.750 Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. | 2.6 |
| 2005-05-16 | CVE-2005-1619 | Cross-Site Scripting vulnerability in PHPheaven PHPmychat 0.14.5 Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. | 4.3 |
| 2005-05-11 | CVE-2005-1486 | Cross-Site Scripting vulnerability in Fishnet Fishcart 3.1 Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. | 5.0 |
| 2005-05-02 | CVE-2005-1006 | Cross-site Scripting vulnerability in Sonicwall Soho Firmware 5.1.7.0 Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | 4.3 |
| 2005-05-02 | CVE-2005-0896 | Cross-Site Scripting vulnerability in Accomplishtechnology PHPmydirectory 10.1.3 Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter. | 4.3 |
| 2005-03-30 | CVE-2005-0485 | Cross-Site Scripting vulnerability in PHParena Panews 2.0B4 Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter. | 6.8 |
| 2005-03-30 | CVE-2005-0477 | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. | 4.3 |