r0xes

3 exploits Active since Nov 2005
CVE-2006-2228 EXPLOITDB text WORKING POC
w-Agora 4.2.0 - Cross-Site Scripting via BBCode Tag Event Bypass
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.
CVE-2006-2143 EXPLOITDB text WORKING POC
TextFileBB 1.0.16 - Cross-Site Scripting via BBCode Tag Event Handlers
Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags.
CVE-2005-3919 EXPLOITDB text WORKING POC
PBLang 4.65 - Cross-Site Scripting via UCP.php and SendPm.php
Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php.