Export limit exceeded: 47027 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47027 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0208 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Stronghold 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
CVE-2006-0032 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
CVE-2006-0806 1 John Lim 1 Adodb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
CVE-2006-3211 1 Cjguestbook Project 1 Cjguestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter.
CVE-2006-1230 1 Belchior Foundry 1 Vcard 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
CVE-2006-4712 1 Sage 1 Sage 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
CVE-2002-2246 1 Deerfield 1 Visnetic Website 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page.
CVE-2003-1371 1 Nuked-klan 1 Nuked-klan 2026-04-16 N/A
Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules.
CVE-2006-0779 1 Xmb Forum 1 Xmb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag.
CVE-2006-3568 1 Fantastic Guestbook Project 1 Fantastic Guestbook 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters.
CVE-2005-3047 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.
CVE-2002-2422 1 Compaq 1 Insight Management Agent 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.
CVE-2005-3283 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2003-1348 1 Ftls 1 Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.
CVE-2006-0101 1 Sblog 1 Sblog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php.
CVE-2005-3528 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.
CVE-2002-2343 1 Nocc 1 Nocc 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages.
CVE-2006-3061 1 Review-script.com 1 Five Star Review Script 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php.
CVE-2006-2994 1 Christian Becher 1 Phazizguestbook 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) url fields, and (4) text field (content parameter).
CVE-2005-4245 1 Snipegallery 1 Snipe Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.