Export limit exceeded: 14134 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3482 | 2 Apple, Microsoft | 2 Safari, Windows Nt | 2026-04-23 | N/A |
| Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. | ||||
| CVE-2007-3503 | 2 Oracle, Redhat | 2 Jdk, Rhel Extras | 2026-04-23 | N/A |
| The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3574 | 1 Linksys | 1 Wag54gs | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. | ||||
| CVE-2007-3653 | 1 Fascript | 1 Faname | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php. | ||||
| CVE-2007-3694 | 1 Getmiro | 1 Broadcast Machine | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2008-7141 | 1 Alexphpteam | 1 \@lex Poll | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4555 | 1 Ipswitch | 1 Ws Ftp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account. | ||||
| CVE-2007-4557 | 1 Novell | 1 Groupwise Webaccess | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2. | ||||
| CVE-2007-4589 | 1 Interworx | 1 Web Control Panel | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php. | ||||
| CVE-2007-4592 | 1 Ibm | 1 Rational Clearquest | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component. | ||||
| CVE-2008-5808 | 2 Six Apart, Sixapart | 2 Movable Type, Movable Type | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management." | ||||
| CVE-2007-4595 | 1 The Seasar Foundation | 1 Mayaa | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data. | ||||
| CVE-2007-5012 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5814 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. | ||||
| CVE-2007-4633 | 1 Cisco | 2 Call Manager, Unified Communications Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. | ||||
| CVE-2007-4698 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. | ||||
| CVE-2007-4713 | 1 Roi Revolution | 1 Urchin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters. | ||||
| CVE-2007-4717 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php. | ||||
| CVE-2007-5370 | 1 Netwin | 1 Dnewsweb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter. | ||||
| CVE-2007-5385 | 2 Alcatel, Bt | 2 Speedtouch 7g Router, Home Hub | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||