Explore CVEs related to XSS vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing XSS CVEs published in 2005. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2005-4877 | Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876. | 4.3 | 0.22% | 2005-12-31 | 2026-04-16 |
| CVE-2005-4876 | Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877. | 4.3 | 0.22% | 2005-12-31 | 2026-04-16 |
| CVE-2005-4838 | Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. | 4.3 | 7.79% | 2005-12-31 | 2026-04-16 |
| CVE-2005-4658 | Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | 6.8 | 1.28% | 2005-12-31 | 2026-04-16 |
| CVE-2005-4583 | Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | 4.3 | 1.60% | 2005-12-29 | 2026-04-16 |
| CVE-2005-4491 | Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. NOTE: the vendor states "This issue was resolved by a minor update to Sitekit CMS v6.6, sanitising the html code and eradicating related security issues." | 4.3 | 1.15% | 2005-12-22 | 2026-04-16 |
| CVE-2005-4485 | Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp. | 4.3 | 0.97% | 2005-12-22 | 2026-04-16 |
| CVE-2005-4386 | Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 4.3 | 0.35% | 2005-12-20 | 2026-04-16 |
| CVE-2005-4247 | Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | 4.3 | 0.26% | 2005-12-14 | 2026-04-16 |
| CVE-2005-4245 | Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 4.3 | 0.95% | 2005-12-14 | 2026-04-16 |
| CVE-2005-3352 | Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. | 4.3 | 28.14% | 2005-12-13 | 2026-04-16 |
| CVE-2005-4190 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. | 3.5 | 0.83% | 2005-12-13 | 2026-04-16 |
| CVE-2005-4161 | Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating "No invalid input can reach the script. | 4.3 | 0.72% | 2005-12-11 | 2026-04-16 |
| CVE-2005-4060 | Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. | 4.3 | 0.76% | 2005-12-07 | 2026-04-16 |
| CVE-2005-3955 | Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php. | 4.3 | 5.38% | 2005-12-01 | 2026-04-16 |
| CVE-2005-3908 | Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter. | 4.3 | 0.53% | 2005-11-30 | 2026-04-16 |
| CVE-2005-3770 | Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php. | 4.3 | 1.08% | 2005-11-23 | 2026-04-16 |
| CVE-2005-3759 | Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | 5.8 | 0.71% | 2005-11-22 | 2026-04-16 |
| CVE-2005-3528 | Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter. | 4.3 | 0.56% | 2005-11-20 | 2026-04-16 |
| CVE-2005-3570 | Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". | 4.3 | 1.32% | 2005-11-16 | 2026-04-16 |