Export limit exceeded: 356992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29941 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46587 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46587 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5061 | 1 Smolinari | 1 Mini Web Calendar | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. | ||||
| CVE-2008-0691 | 2 Simon Elvery, Wordpress | 2 Wp-footnotes, Wp-footnotes | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters. | ||||
| CVE-2007-5058 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open. | ||||
| CVE-2008-5068 | 1 Kkeim | 1 Kmita Gallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1082 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. | ||||
| CVE-2008-0676 | 1 A-blog | 1 A-blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | ||||
| CVE-2007-6346 | 1 Rainboard | 1 Rainboard | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-1073 | 1 Internet Security Systems | 1 Internet Scanner | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-0669 | 1 Sift | 1 Unity | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5120 | 1 Jspwiki | 1 Jspwiki | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp. | ||||
| CVE-2007-5947 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Enterprise Linux and 1 more | 2026-04-23 | N/A |
| The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | ||||
| CVE-2008-2117 | 1 Project Alumni | 1 Project Alumni | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126. | ||||
| CVE-2008-6495 | 1 Zirkon Box | 1 Yappa-ng | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | ||||
| CVE-2008-0834 | 1 Ibm | 1 Lotus Quickr | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-5027 | 1 Level One | 1 Wbr3404tx | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter. | ||||
| CVE-2008-0780 | 1 Moinmoin | 1 Moinmoin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action. | ||||
| CVE-2007-6301 | 1 Open Newsletter | 1 Open Newsletter | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. | ||||
| CVE-2008-0204 | 1 Wordpress | 1 Math Comment Spam Protection Plugin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. | ||||
| CVE-2008-0206 | 1 Wordpress | 1 Captcha | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter. | ||||
| CVE-2007-6659 | 1 2z Project | 1 2z Project | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the referer parameter to templates/default/usermenu.tpl, accessed through index.php; or the (5) newavatar or (6) newphoto parameter in a profile action to the default URI under 2z/. | ||||