Export limit exceeded: 46788 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46788 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1850 | 1 Osiaffiliate | 1 Osiaffiliate | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters. | ||||
| CVE-2008-3587 | 1 Needscripts | 1 Homes 4 Sale | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter. | ||||
| CVE-2007-0830 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040 | ||||
| CVE-2008-0941 | 1 Aeries | 1 Aeries Student Information System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event. | ||||
| CVE-2008-5757 | 1 Textpattern | 1 Textpattern | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5683 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php. | ||||
| CVE-2007-6104 | 1 Filemaker | 2 Filemaker, Filemaker Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-4513 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags. | ||||
| CVE-2008-4601 | 1 Habari | 1 Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter. | ||||
| CVE-2008-3559 | 1 Kaphotoservice | 1 Kaphotoservice | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2842 | 1 Doitlive | 1 Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter. | ||||
| CVE-2008-1002 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. | ||||
| CVE-2007-5677 | 1 Hackish | 1 Hackish | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in Hackish BETA 1.1 allows remote attackers to inject arbitrary web script or HTML via the go_shout parameter. | ||||
| CVE-2008-1892 | 1 Blogator Script | 1 Blogator Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bs_auth.php in Blogator-script 0.95 and 1.01 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2022 | 1 Pd9 Software | 1 Megabbs | 2026-04-23 | N/A |
| Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication. | ||||
| CVE-2008-3700 | 1 Kayako | 1 Supportsuite | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation. | ||||
| CVE-2007-4977 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. | ||||
| CVE-2008-4174 | 1 Benjamin Kuz | 1 Dynamic Mp3 Lister | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters. | ||||
| CVE-2007-5649 | 1 Socketmail | 1 Socketmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter. | ||||
| CVE-2008-0980 | 1 Spyce | 1 Spyce | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy. | ||||