Total
25573 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0436 | 1 Pd9 Software | 1 Megabbs | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter. | |||||
CVE-2007-2581 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Services, Windows 2003 | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. | |||||
CVE-2008-0335 | 1 Bugtracker.net | 1 Bugtracker.net | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field. | |||||
CVE-2007-6316 | 1 Real Time Logic | 2 Barracudadrive Web Server, Barracudadrive Web Server Home Server | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page. | |||||
CVE-2007-5292 | 1 Splitside | 1 Directory Image Gallery | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter. | |||||
CVE-2007-4741 | 1 Claroline | 1 Claroline | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-1760 | 1 Jetphotosoft.com | 1 Jetphoto | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. | |||||
CVE-2004-2738 | 1 Zeroboard | 1 Zeroboard | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | |||||
CVE-2004-2701 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter. | |||||
CVE-2006-3761 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". | |||||
CVE-2006-0663 | 1 Ibm | 1 Lotus Domino Inotes Client | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. | |||||
CVE-2006-4542 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2024-02-04 | 6.8 MEDIUM | N/A |
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. | |||||
CVE-2005-4583 | 1 Vmware | 1 Esx | 2024-02-04 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | |||||
CVE-2006-0779 | 1 Xmb Forum | 1 Xmb | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. | |||||
CVE-2004-2742 | 1 Businessobjects | 1 Crystal Enterprise | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file. | |||||
CVE-2005-2406 | 1 Opera | 1 Opera Browser | 2024-02-04 | 4.3 MEDIUM | N/A |
Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI. | |||||
CVE-2005-2254 | 1 Gianluca Baldo | 1 Phpauction | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description. | |||||
CVE-2006-0533 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter. | |||||
CVE-2006-1898 | 1 Ralph Capper | 1 Tinyphpforum | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access to hash password" issue is already covered by CVE-2006-0103. | |||||
CVE-2006-2669 | 1 Preprojects.com | 1 Pre Shopping Mall | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) cid parameter in products.php. |