Export limit exceeded: 46788 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46788 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0477 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. | ||||
| CVE-2006-2016 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. | ||||
| CVE-2006-0842 | 1 Calacode | 1 Atmail Webmail System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0860 | 1 Michael Salzer | 1 Guestbox | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors. | ||||
| CVE-2002-2339 | 1 Script Shed | 1 Ssgbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags. | ||||
| CVE-2006-2796 | 1 New-place | 1 Captivate | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. | ||||
| CVE-2000-1205 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant. | ||||
| CVE-2006-1741 | 3 Canonical, Mozilla, Redhat | 5 Ubuntu Linux, Firefox, Mozilla Suite and 2 more | 2026-04-16 | N/A |
| Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | ||||
| CVE-2006-0806 | 1 John Lim | 1 Adodb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF. | ||||
| CVE-2002-2377 | 1 Sephiroth32 | 1 Zap Book | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. | ||||
| CVE-2006-1826 | 1 Snipegallery | 1 Snipe Gallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection. | ||||
| CVE-2006-1230 | 1 Belchior Foundry | 1 Vcard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6. | ||||
| CVE-2006-3494 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php. | ||||
| CVE-2006-3240 | 1 Dotproject | 1 Dotproject | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. | ||||
| CVE-2006-3047 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2005-4583 | 1 Vmware | 1 Esx | 2026-04-16 | N/A |
| Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | ||||
| CVE-2004-2741 | 1 Horde | 1 Application Framework | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. | ||||
| CVE-2006-3579 | 1 Fujitsu | 1 Serverview | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2002-2422 | 1 Compaq | 1 Insight Management Agent | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message. | ||||
| CVE-2002-2273 | 1 Webster | 1 Webster Http Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL. | ||||