Export limit exceeded: 45671 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45671 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1556 | 1 Bolinos | 1 Bolinos | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/_b/contentFiles/gBselectorContents.php, (3) the PATH_INFO to (c) gBLoginPage.php and (d) gBPassword.php in system/actionspages/_b/contentFiles/, (4) formlogin parameter to system/actionspages/_b/contentFiles/gBLoginPage.php, and the (5) bolini_searchengine46Search parameter to (e) help/index.php. | ||||
| CVE-2008-0826 | 1 Caroline | 1 Caroline | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-3921 | 1 Telartis Bv | 1 Awstats Totals | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameter. | ||||
| CVE-2007-5000 | 7 Apache, Canonical, Fedoraproject and 4 more | 12 Http Server, Ubuntu Linux, Fedora and 9 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-0808 | 1 Ikiwiki | 1 Ikiwiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags. | ||||
| CVE-2008-4871 | 1 My Little Forum | 1 My Little Forum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags. | ||||
| CVE-2008-4888 | 1 Netrisk | 1 Netrisk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5629 | 1 Candypress | 1 Candypress Store | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4892 | 1 Planetluc | 1 Mygallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5012 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0793 | 1 Tendenci | 1 Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third party information. NOTE: it is not clear whether this affects Tendenci Enterprise Edition in addition to the product's deployment on Tendenci's own server farm. If only the latter was affected, then this issue should not be included in CVE. | ||||
| CVE-2007-5013 | 1 Phormer | 1 Phormer | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) u, (2) p, (3) c, and (4) s parameters, and other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6203 | 1 Apache | 1 Http Server | 2026-04-23 | N/A |
| Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. | ||||
| CVE-2009-0105 | 1 Se-ed | 1 Ezpack | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action. | ||||
| CVE-2008-1474 | 1 Roundup-tracker | 1 Roundup | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS). | ||||
| CVE-2007-6421 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. | ||||
| CVE-2007-5598 | 1 Web Links Project | 1 Web Links | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-5833 | 1 Bosdev | 1 Bosmarket Business Directory System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post. | ||||
| CVE-2007-5834 | 1 Bosdev | 1 Bosnews | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post. | ||||
| CVE-2007-6055 | 1 Liferay | 1 Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date. | ||||