Export limit exceeded: 347795 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45685 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45685 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1228 | 1 Minigal | 1 Mg2 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action. | ||||
| CVE-2008-1224 | 1 Bosdev | 1 Bosclassifieds Classified Ads | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in account.php in BosClassifieds Classified Ads System 3.0 allows remote attackers to inject arbitrary web script or HTML via the returnTo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1262 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. | ||||
| CVE-2007-1229 | 1 Nullsoft | 1 Shoutcast Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. | ||||
| CVE-2007-1576 | 1 Phprojekt | 1 Phprojekt | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files. | ||||
| CVE-2006-6942 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. | ||||
| CVE-2007-1012 | 1 Deskpro | 1 Deskpro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter. | ||||
| CVE-2007-1231 | 1 Sqlitemanager | 1 Sqlitemanager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files. | ||||
| CVE-2007-1101 | 1 Photostand | 1 Photostand | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php. | ||||
| CVE-2007-1050 | 1 Abledesign | 1 Mycalendar | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action. | ||||
| CVE-2007-1482 | 1 Liqua | 1 Wbblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd. | ||||
| CVE-2007-1234 | 1 Bj Sintay | 1 Sitex | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php. | ||||
| CVE-2007-1142 | 1 Reamday Enterprises | 1 Magic News Plus | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. | ||||
| CVE-2007-1145 | 1 Kayako | 1 Esupport | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842. | ||||
| CVE-2007-1151 | 1 Lovecms | 1 Lovecms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. | ||||
| CVE-2007-1358 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". | ||||
| CVE-2008-2295 | 1 Rgboard | 1 Rgboard | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and other unspecified vectors. | ||||
| CVE-2008-1917 | 1 Amfphp | 1 Amfphp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4745 | 2 Joomla, Mambo | 2 Akobook, Mambo Site Server | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function. | ||||
| CVE-2009-1162 | 1 Cisco | 2 Ironport Asyncos, Ironport Email Security Appliances | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter. | ||||