Export limit exceeded: 45870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | ||||
| CVE-2002-2424 | 1 Ekilat Llc | 1 Php\(reactor\) | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag. | ||||
| CVE-2006-3918 | 4 Apache, Canonical, Debian and 1 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2026-04-16 | N/A |
| http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | ||||
| CVE-2006-0140 | 1 Navboard | 1 Navboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags. | ||||
| CVE-2005-4485 | 1 Iatek | 1 Projectapp | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp. | ||||
| CVE-2005-2022 | 1 Sun | 2 Iplanet Messaging Server, One Messaging Server | 2026-04-16 | N/A |
| Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2005-4491 | 1 Sitekit Solutions | 1 Sitekit Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. NOTE: the vendor states "This issue was resolved by a minor update to Sitekit CMS v6.6, sanitising the html code and eradicating related security issues." | ||||
| CVE-2005-4386 | 1 Colony | 4 Colony Cms, Colony E-commerce Cms, Colony Enterprise Cms and 1 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | ||||
| CVE-2002-2386 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | ||||
| CVE-2002-2231 | 1 Ikonboard | 1 Ikonboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL in a photo URL or (2) an X-Forwarded-For: header. | ||||
| CVE-2002-2378 | 1 Nakata | 1 An Httpd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page. | ||||
| CVE-2002-2377 | 1 Sephiroth32 | 1 Zap Book | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. | ||||
| CVE-2002-2359 | 1 Mozilla | 1 Mozilla | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | ||||
| CVE-2002-2376 | 1 Leung | 1 E-guest | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605. | ||||
| CVE-2002-2341 | 1 Sonicwall | 1 Soho3 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. | ||||
| CVE-2005-3716 | 1 Utstarcom | 2 F1000 Wi-fi, F1000 Wi-fi Firmware | 2026-04-16 | 7.5 High |
| The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | ||||
| CVE-2004-1424 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2005-3759 | 1 Horde | 1 Horde | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | ||||
| CVE-2006-0032 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. | ||||
| CVE-2002-2364 | 1 Sourceforge | 1 Php Ticket | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket. | ||||