Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-07 | CVE-2006-6375 | HTML Injection vulnerability in SMF Image File Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. network simple-machines | 6.8 |
| 2006-12-07 | CVE-2006-6373 | Information Disclosure vulnerability in PHPmyadmin 2.7.0Pl2 PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. | 5.0 |
| 2006-12-07 | CVE-2006-6372 | Cross-Site Scripting vulnerability in James Barnsley JAB Guest Book 20061205 Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. network james-barnsley | 6.8 |
| 2006-12-07 | CVE-2006-6371 | HTML Injection vulnerability in JAB Guest Book Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter. network james-barnsley | 6.8 |
| 2006-12-07 | CVE-2006-6366 | Cross-Site Scripting vulnerability in Cerberus Helpdesk Spellwin.PHP Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. network cerberus | 6.8 |
| 2006-12-07 | CVE-2006-6364 | Cross-Site Scripting vulnerability in Inside Systems Inside Systems Mail2.0 Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. network inside-systems | 6.8 |
| 2006-12-07 | CVE-2006-6363 | Cross-Site Scripting vulnerability in BlueSocket BSC 2100 Admin.PL Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter. network bluesocket | 6.8 |
| 2006-12-07 | CVE-2006-6359 | Cross-Site Scripting vulnerability in Stefan Frech Online-Bookmarks 0.6.12 Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
| 2006-12-07 | CVE-2006-6357 | Cross-Site Scripting vulnerability in PHPNews Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network phpnews | 6.8 |
| 2006-12-07 | CVE-2006-6356 | Cross-Site Scripting vulnerability in PHPnews 1.3 Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter. network phpnews | 6.8 |