Export limit exceeded: 45916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2386 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | ||||
| CVE-2006-0233 | 1 Microblog | 1 Microblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag. | ||||
| CVE-2006-3295 | 1 Georgecurrums | 1 Open Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | ||||
| CVE-2006-0101 | 1 Sblog | 1 Sblog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php. | ||||
| CVE-2005-3283 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2006-2545 | 1 Xtreme Scripts | 1 Xtreme Topsites | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. NOTE: one or more of these vectors might be resultant from SQL injection. | ||||
| CVE-2005-3205 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | ||||
| CVE-2006-1750 | 1 Jmb Software | 1 Autogallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters. | ||||
| CVE-2003-1522 | 1 Pscs | 1 Vpop3 Web Mail Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page. | ||||
| CVE-2006-3924 | 1 Dokeos | 1 Dokeos | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2003-1151 | 1 Fastream | 1 Netfile Ftp Web Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page. | ||||
| CVE-2005-2022 | 1 Sun | 2 Iplanet Messaging Server, One Messaging Server | 2026-04-16 | N/A |
| Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2006-2663 | 1 Ifusionservices | 1 Iflance | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php. | ||||
| CVE-2005-4245 | 1 Snipegallery | 1 Snipe Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2006-1760 | 1 Jetphotosoft.com | 1 Jetphoto | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. | ||||
| CVE-2002-1651 | 1 Verity | 1 Search97 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions. | ||||
| CVE-2004-1417 | 1 Psychostats | 1 Psychostats | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. | ||||
| CVE-2004-2702 | 1 Swsoft | 1 Plesk | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451. | ||||
| CVE-2006-2669 | 1 Preprojects.com | 1 Pre Shopping Mall | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) cid parameter in products.php. | ||||
| CVE-2006-2816 | 1 Coolphp | 1 Coolphp Magazine | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE. | ||||