Export limit exceeded: 347834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45694 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2114 | 1 Skybluecanvas | 1 Skybluecanvas | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters. | ||||
| CVE-2008-3730 | 1 Nordicwind | 2 Noah, Nordicwind Document Management System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-1951 | 1 Propertymaxpro | 1 Propertymax Pro Free | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action. | ||||
| CVE-2009-1939 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-3779 | 1 Review-script | 1 Five Star Review Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action. | ||||
| CVE-2009-3745 | 1 Ibm | 1 Rational Appscan | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2009-1879 | 1 Adobe | 1 Flex Sdk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2006-5168 | 1 Simon Brown | 1 Pebble | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2008-1131 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. | ||||
| CVE-2006-6162 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5564 | 1 Simple Php Forum | 1 Simple Php Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in a profile. | ||||
| CVE-2007-3918 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. | ||||
| CVE-2007-5589 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI. | ||||
| CVE-2007-5477 | 1 Valve Software | 2 Half-life Dedicated Server, Webmod Plugin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter. | ||||
| CVE-2008-7220 | 2 Debian, Prototypejs | 2 Debian Linux, Prototype | 2026-04-23 | N/A |
| Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors. | ||||
| CVE-2008-1175 | 1 Flicks Software | 1 Authentix | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4633 | 1 Cisco | 2 Call Manager, Unified Communications Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. | ||||
| CVE-2008-1304 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php. | ||||
| CVE-2007-4836 | 1 Phpmyquote | 1 Phpmyquote | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action. | ||||
| CVE-2007-4831 | 1 Torrenttrader | 1 Torrenttrader | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters. | ||||