Total
28623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1306 | 1 Besavvy | 1 Savvy Content Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and (3) search_results/index.cfm. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1082 | 1 Opera | 1 Opera Browser | 2024-02-04 | 4.3 MEDIUM | N/A |
| Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. | |||||
| CVE-2008-0774 | 1 Loris | 1 Hotel Reservation System | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6365 | 1 Bcoos | 1 Event Calendar | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the day and year vectors are covered by CVE-2007-6274. | |||||
| CVE-2008-0404 | 1 Mantis | 1 Mantis | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary. | |||||
| CVE-2007-6674 | 1 Rapidshare | 1 Database | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter. | |||||
| CVE-2007-3694 | 1 Getmiro | 1 Broadcast Machine | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2008-0868 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2007-6090 | 1 Nuked-klan | 1 Nuked-klan | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5293 | 1 Idmos | 1 Idmos | 2024-02-04 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php. | |||||
| CVE-2008-0190 | 1 Awesometemplateengine | 1 Awesometemplateengine | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5) data[poweredby] parameter. | |||||
| CVE-2008-0899 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page. | |||||
| CVE-2007-5977 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. | |||||
| CVE-2008-0540 | 1 Trixbox | 1 Trixbox | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/. | |||||
| CVE-2007-1050 | 1 Abledesign | 1 Mycalendar | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action. | |||||
| CVE-2007-3574 | 1 Linksys | 1 Wag54gs | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. | |||||
| CVE-2006-6401 | 1 Mystats | 1 Mystats | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) details parameter. | |||||
| CVE-2007-6312 | 1 Websense | 3 Enterpise, Reporting Tools, Web Security Suite | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field. | |||||
| CVE-2008-0205 | 1 Wordpress | 1 Math Comment Spam Protection Plugin | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. | |||||
| CVE-2007-4717 | 1 Claroline | 1 Claroline | 2024-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php. | |||||