Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.
Max CVSS
4.3
EPSS Score
0.48%
Published
2006-01-31
Updated
2018-10-19
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
Max CVSS
4.3
EPSS Score
0.71%
Published
2006-01-31
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
Max CVSS
4.3
EPSS Score
1.89%
Published
2006-01-31
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
Max CVSS
4.3
EPSS Score
1.56%
Published
2006-01-31
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
Max CVSS
4.3
EPSS Score
1.56%
Published
2006-01-31
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.
Max CVSS
4.3
EPSS Score
1.52%
Published
2006-01-31
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
Max CVSS
4.3
EPSS Score
0.65%
Published
2006-01-30
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter.
Max CVSS
4.3
EPSS Score
0.26%
Published
2006-01-27
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2006-01-27
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php.
Max CVSS
4.3
EPSS Score
0.15%
Published
2006-01-27
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
Max CVSS
4.3
EPSS Score
1.17%
Published
2006-01-27
Updated
2018-10-19
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.
Max CVSS
6.8
EPSS Score
0.69%
Published
2006-01-26
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment.
Max CVSS
4.3
EPSS Score
1.45%
Published
2006-01-26
Updated
2018-10-19
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.
Max CVSS
4.3
EPSS Score
0.53%
Published
2006-01-26
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter.
Max CVSS
4.3
EPSS Score
0.33%
Published
2006-01-25
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.
Max CVSS
4.3
EPSS Score
2.82%
Published
2006-01-25
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim.
Max CVSS
4.3
EPSS Score
1.38%
Published
2006-01-25
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allows remote attackers to inject arbitrary web script or HTML via the product_id parameter, as originally demonstrated for a custom mp3players_details.php program. NOTE: the name of the affected program might be installation-dependent, but it has been identified as "product_details.php" by some sources.
Max CVSS
4.3
EPSS Score
0.59%
Published
2006-01-23
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.23%
Published
2006-01-22
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag.
Max CVSS
4.3
EPSS Score
0.53%
Published
2006-01-22
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.
Max CVSS
4.3
EPSS Score
0.29%
Published
2006-01-22
Updated
2021-04-29
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116".
Max CVSS
4.3
EPSS Score
6.98%
Published
2006-01-22
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.
Max CVSS
4.3
EPSS Score
1.27%
Published
2006-01-22
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote attackers to inject arbitrary web script or HTML via the message field to topic.php.
Max CVSS
4.3
EPSS Score
2.85%
Published
2006-01-21
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php.
Max CVSS
4.3
EPSS Score
1.20%
Published
2006-01-21
Updated
2017-07-20
87 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!