Export limit exceeded: 45757 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45757 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1519 | 1 Vivisimo | 1 Clustering Engine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program. | ||||
| CVE-2003-1522 | 1 Pscs | 1 Vpop3 Web Mail Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page. | ||||
| CVE-2006-1760 | 1 Jetphotosoft.com | 1 Jetphoto | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. | ||||
| CVE-2003-1420 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header. | ||||
| CVE-2005-4161 | 1 Milliscripts | 1 Milliscripts | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating "No invalid input can reach the script. | ||||
| CVE-2006-2816 | 1 Coolphp | 1 Coolphp Magazine | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE. | ||||
| CVE-2006-2618 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability. | ||||
| CVE-2005-4245 | 1 Snipegallery | 1 Snipe Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2006-2783 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2026-04-16 | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT. | ||||
| CVE-2005-3047 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php. | ||||
| CVE-2005-4247 | 1 Plogger | 1 Plogger | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | ||||
| CVE-2006-0175 | 1 Webwiz | 1 Web Wiz Forums | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2006-0233 | 1 Microblog | 1 Microblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag. | ||||
| CVE-2003-1531 | 1 Lilikoi | 1 Ceilidh | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2005-2981 | 1 Orionserver | 1 Orion Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | ||||
| CVE-2005-1669 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. | ||||
| CVE-2003-1534 | 1 Justice Media | 1 Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables. | ||||
| CVE-2006-3756 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6). | ||||
| CVE-2003-1536 | 1 Dcp-portal | 1 Dcp-portal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php. | ||||
| CVE-2005-1619 | 1 Phpheaven | 1 Phpmychat | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected. | ||||