Export limit exceeded: 45719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45719 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6127 | 1 Mozilo | 1 Mozilocms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php. | ||||
| CVE-2009-0063 | 1 Symantec | 1 Brightmail Gateway Appliance | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-5443 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags. | ||||
| CVE-2007-5386 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2007-5385 | 2 Alcatel, Bt | 2 Speedtouch 7g Router, Home Hub | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-4874 | 1 Boesch-it | 1 Simpnews | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php. | ||||
| CVE-2007-4828 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-4830 | 1 Directadmin | 1 Directadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter. | ||||
| CVE-2007-4813 | 1 Domino Blogsphere | 1 Domino Blogsphere | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3240 | 2 Ohwada, Xoops | 2 Xf-section, Xoops | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-6728 | 1 Xmb Forum | 1 Xmb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration. | ||||
| CVE-2008-6130 | 1 Mozilo | 1 Mozilowiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters. | ||||
| CVE-2007-3910 | 1 Bandersnatch | 1 Bandersnatch | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs. | ||||
| CVE-2008-6879 | 1 Apache | 1 Roller | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. | ||||
| CVE-2008-7184 | 1 Diigo | 2 Diigo Toolbar, Diigolet | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment. | ||||
| CVE-2007-5190 | 1 Alcatel-lucent | 1 Omnivista | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI. | ||||
| CVE-2008-6164 | 1 Dreamcost | 1 Hostadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DreamCost HostAdmin 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2009-2401 | 1 Phpecho Cms | 1 Phpecho Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post. | ||||
| CVE-2007-5176 | 1 Grouplink | 1 Ehelpdesk | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5759 | 1 Flatnux | 1 Flatnux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||