Export limit exceeded: 357916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46660 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2981 | 1 Orionserver | 1 Orion Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | ||||
| CVE-2006-0857 | 1 E107 | 2 Chatbox Plugin, E107 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. | ||||
| CVE-2006-1548 | 2 Apache, Redhat | 2 Struts, Rhel Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. | ||||
| CVE-2005-0477 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. | ||||
| CVE-2006-1741 | 3 Canonical, Mozilla, Redhat | 5 Ubuntu Linux, Firefox, Mozilla Suite and 2 more | 2026-04-16 | N/A |
| Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | ||||
| CVE-2002-2350 | 1 Phpoutsourcing | 1 Zorum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. | ||||
| CVE-2005-0251 | 1 Guillaumegardey | 1 Biborb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter. | ||||
| CVE-2002-2347 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | ||||
| CVE-2002-2341 | 1 Sonicwall | 1 Soho3 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. | ||||
| CVE-2002-2358 | 1 Opera Software | 1 Opera Web Browser | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL. | ||||
| CVE-2002-2340 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response. | ||||
| CVE-2005-1778 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. | ||||
| CVE-2004-2757 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. | ||||
| CVE-2002-2359 | 1 Mozilla | 1 Mozilla | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | ||||
| CVE-2002-2348 | 1 Authoria | 1 Authoria | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter. | ||||
| CVE-2002-2362 | 1 Sourceforge | 1 Mymarket | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter. | ||||
| CVE-2006-0208 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | ||||
| CVE-2006-1193 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." | ||||
| CVE-2003-1400 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. | ||||
| CVE-2006-0996 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. | ||||