Export limit exceeded: 349883 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0860 | 1 Michael Salzer | 1 Guestbox | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors. | ||||
| CVE-2006-4568 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-16 | N/A |
| Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. | ||||
| CVE-2006-0254 | 2 Apache, Redhat | 3 Geronimo, Network Satellite, Rhel Application Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. | ||||
| CVE-2005-4583 | 1 Vmware | 1 Esx | 2026-04-16 | N/A |
| Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | ||||
| CVE-2005-2406 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI. | ||||
| CVE-2006-4755 | 1 Accomplishtechnology | 1 Phpmydirectory | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2506 | 1 Sphider | 1 Sphider | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter. | ||||
| CVE-2006-0101 | 1 Sblog | 1 Sblog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php. | ||||
| CVE-2003-1534 | 1 Justice Media | 1 Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables. | ||||
| CVE-2005-1778 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. | ||||
| CVE-2005-1669 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. | ||||
| CVE-2003-1536 | 1 Dcp-portal | 1 Dcp-portal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php. | ||||
| CVE-2003-1549 | 1 Myabracadaweb | 1 Myabracadaweb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter. | ||||
| CVE-2006-4038 | 1 Chaossoft | 1 Gaestechaos | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters. | ||||
| CVE-2006-4542 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2026-04-16 | N/A |
| Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. | ||||
| CVE-2005-0896 | 1 Accomplishtechnology | 1 Phpmydirectory | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter. | ||||
| CVE-2005-3496 | 1 Php Handicapper | 1 Php Handicapper | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct. | ||||
| CVE-2006-0996 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. | ||||
| CVE-2006-0800 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php. | ||||
| CVE-2006-0938 | 1 Ez | 1 Ez Publish | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter. | ||||