endity.com ShoutBOX - Cross-Site Scripting via Site Parameter
Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter.
PHP-Nuke 5.0-6.0 - Cross-Site Scripting via Your_Account user_avatar Parameter
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.