Export limit exceeded: 45785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2816 | 1 Coolphp | 1 Coolphp Magazine | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE. | ||||
| CVE-2005-1619 | 1 Phpheaven | 1 Phpmychat | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected. | ||||
| CVE-2005-1669 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. | ||||
| CVE-2006-3579 | 1 Fujitsu | 1 Serverview | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-3494 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php. | ||||
| CVE-2006-2783 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2026-04-16 | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT. | ||||
| CVE-2006-2618 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability. | ||||
| CVE-2002-1651 | 1 Verity | 1 Search97 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions. | ||||
| CVE-2006-2066 | 1 Mkportal | 1 Mkportal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters. | ||||
| CVE-2006-0603 | 1 Hinton Design | 1 Phphg Guestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter. | ||||
| CVE-2006-0533 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter. | ||||
| CVE-2006-0442 | 1 Mybb | 1 Mybb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219. | ||||
| CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | N/A |
| The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. | ||||
| CVE-2005-4658 | 1 Iisworks | 1 Aspknowledgebase | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | ||||
| CVE-2005-4583 | 1 Vmware | 1 Esx | 2026-04-16 | N/A |
| Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | ||||
| CVE-2005-2022 | 1 Sun | 2 Iplanet Messaging Server, One Messaging Server | 2026-04-16 | N/A |
| Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2005-0896 | 1 Accomplishtechnology | 1 Phpmydirectory | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter. | ||||
| CVE-2003-1400 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. | ||||
| CVE-2002-1700 | 2 Macromedia, Microsoft | 3 Coldfusion, Internet Information Services, Windows 2000 | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | ||||
| CVE-2005-3047 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php. | ||||