Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45556 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2567 | 1 Fenrir | 1 Grani | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism and favorites search, a different vulnerability than CVE-2007-6002. | ||||
| CVE-2006-6035 | 1 F-art Agency | 1 Blog Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. | ||||
| CVE-2006-6037 | 1 Leinir | 1 Travelsized Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter. | ||||
| CVE-2007-1774 | 1 Unverse.net | 1 Abitwhizzy | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php. | ||||
| CVE-2007-2206 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter. | ||||
| CVE-2008-7133 | 1 Onlinetools | 1 Easyimagecatalogue | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6046 | 1 Epic Designs | 1 Eggblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php. | ||||
| CVE-2007-2449 | 2 Apache, Redhat | 4 Tomcat, Enterprise Linux, Network Satellite and 1 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. | ||||
| CVE-2007-2914 | 1 Psychostats | 1 Psychostats | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files. | ||||
| CVE-2008-5761 | 1 Flatnux | 1 Flatnux | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element. | ||||
| CVE-2007-3033 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone. | ||||
| CVE-2008-5769 | 1 Kerio | 1 Kerio Mailserver | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3056 | 1 Websvn | 1 Websvn | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. | ||||
| CVE-2007-3064 | 1 Mealex | 1 My Datebook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter. | ||||
| CVE-2007-3137 | 1 Webmaster Solutions | 1 Wmscms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect. | ||||
| CVE-2007-3291 | 1 Livecms | 1 Livecms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php. | ||||
| CVE-2007-3694 | 1 Getmiro | 1 Broadcast Machine | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2007-3758 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2026-04-23 | N/A |
| Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2007-3760 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. | ||||
| CVE-2007-3761 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. | ||||