Export limit exceeded: 45911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0496 | 1 Ignite Realtime | 1 Openfire | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp. NOTE: this can be leveraged for arbitrary code execution by using XSS to upload a malicious plugin. | ||||
| CVE-2008-5059 | 1 Modernbill | 1 Modernbill | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action. | ||||
| CVE-2008-5250 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. | ||||
| CVE-2008-6437 | 1 Lukas Waldauf | 1 Phpfreeforum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php. | ||||
| CVE-2008-5304 | 1 Twiki | 1 Twiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. | ||||
| CVE-2008-0902 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694. | ||||
| CVE-2007-6297 | 1 Php Heaven | 1 Phpmychat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991. | ||||
| CVE-2007-5581 | 1 Cisco | 1 Unified Meetingplace | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. | ||||
| CVE-2008-4184 | 1 Webcms | 1 Webcms Portal Edition | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0934 | 1 Process-one | 1 Ejabberd | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs. | ||||
| CVE-2008-1007 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2007-4929 | 1 Axis | 1 207w Network Camera | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors. | ||||
| CVE-2008-6645 | 1 Opencosmo | 1 Visualsentinel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header ($_SERVER ['HTTP_USER_AGENT']), which is not properly handled when displaying log files. | ||||
| CVE-2008-4147 | 1 Drupal | 1 Mailsave | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type. | ||||
| CVE-2007-4912 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8. | ||||
| CVE-2008-4121 | 1 Cpcommerce | 1 Cpcommerce | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php. | ||||
| CVE-2008-4120 | 1 Flatpress | 1 Flatpress | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php. | ||||
| CVE-2008-6135 | 1 Drupal | 2 Drupal, Everyblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-5729 | 1 Netcat | 1 Netcat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php. | ||||
| CVE-2008-4118 | 1 High Norm | 1 Sound Master 2nd | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||