Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2006-0032 1 PoC Analysis EPSS 0.74

Microsoft Windows - XSS

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

CWE-79 Sep 12, 2006

CVE-2006-4712 EPSS 0.05

Sage 1.3.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."

CWE-79 Sep 12, 2006

CVE-2006-4542 EPSS 0.03

Usermin < 1.220 - XSS

Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

CWE-79 Sep 05, 2006

CVE-2006-4308 1 PoC Analysis EPSS 0.01

Blackboard - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

CWE-79 Aug 23, 2006

CVE-2006-4299 EPSS 0.01

Tikiwiki Cms/groupware - XSS

Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

CWE-79 Aug 23, 2006

CVE-2006-4067 EPSS 0.00

Cakephp < 1.1.6.3264 - XSS

Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.

CWE-79 Aug 10, 2006

CVE-2006-4038 EPSS 0.01

Chaossoft Gaestechaos < 0.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.

CWE-79 Aug 09, 2006

CVE-2006-3643 EXPLOITED EPSS 0.33

Microsoft IE - XSS

Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."

CWE-79 Aug 09, 2006

CVE-2006-3924 EPSS 0.00

Dokeos < 1.6.4 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 28, 2006

CVE-2006-3918 1 PoC Analysis EPSS 0.91

Apache HTTP Server < 1.3.35 - XSS

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

CWE-79 Jul 28, 2006

CVE-2006-3756 EPSS 0.01

Geeklog - XSS

Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).

CWE-79 Jul 21, 2006

CVE-2006-3761 EPSS 0.01

Mybulletinboard - XSS

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript".

CWE-79 Jul 21, 2006

CVE-2006-3579 EPSS 0.01

Fujitsu Serverview - XSS

Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 13, 2006

CVE-2006-3571 1 PoC Analysis EPSS 0.09

Papoo - XSS

Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.

CWE-79 Jul 13, 2006

CVE-2006-3568 1 PoC Analysis EPSS 0.01

Fantastic Guestbook - XSS

Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters.

CWE-79 Jul 13, 2006

CVE-2006-3539 EPSS 0.01

DKScript.com Dragon's Kingdom Script 1.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies.

CWE-79 Jul 13, 2006

CVE-2006-3494 EPSS 0.08

Buddy Zone 1.0.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php.

CWE-79 Jul 10, 2006

CVE-2006-3295 1 PoC Analysis EPSS 0.01

Open Guestbook 0.5 - XSS

Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

CWE-79 Jun 29, 2006

CVE-2006-3306 EPSS 0.00

Project EROS bbsengine <20060501-0142-jam - XSS

Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Jun 29, 2006

CVE-2006-3240 EPSS 0.01

dotProject <2.0.3 - XSS

Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

CWE-79 Jun 27, 2006

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps