Total
28619 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4589 | 1 Interworx | 1 Web Control Panel | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php. | |||||
| CVE-2007-5027 | 1 Level One | 1 Wbr3404tx | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter. | |||||
| CVE-2007-3954 | 2 Microsoft, Mozilla | 2 Internet Explorer, Seamonkey | 2024-02-04 | 4.3 MEDIUM | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | |||||
| CVE-2007-5952 | 1 Helioscalendar | 1 Helios Calendar | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0258 | 1 Php Running Management | 1 Phprunman | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2007-2206 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter. | |||||
| CVE-2007-5950 | 1 Netcommons | 1 Netcommons | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165. | |||||
| CVE-2008-0751 | 2 Microsoft, S9y | 2 Internet Explorer, Serendipity Event Freetag | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/. | |||||
| CVE-2006-7059 | 1 Scriptsez.net | 1 E-dating System | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php. | |||||
| CVE-2007-6461 | 1 Flyspray | 1 Flyspray | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function. | |||||
| CVE-2007-5725 | 1 Smart-shop | 1 Smart-shop | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action. | |||||
| CVE-2007-6574 | 1 Dokeos | 2 Open Source Learning And Knowledge Management, Open Source Learning And Knowledge Management Tool | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php. | |||||
| CVE-2007-5072 | 1 Alexander Palmo | 1 Simple Php Blog | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog) before 0.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via certain user_colors array parameters to certain user_style.php files under themes/, as demonstrated by the user_colors[bg_color] parameter. | |||||
| CVE-2007-5983 | 1 Justin Hagstrom | 1 Autoindex Php Script | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||||
| CVE-2007-6526 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. | |||||
| CVE-2008-1168 | 1 Sarg | 1 Squid Analysis Report Generator | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4899 | 1 Berkeley | 1 Boinc Forum | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3) bodies search. | |||||
| CVE-2007-3503 | 1 Oracle | 1 Jdk | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-0564 | 1 Mailman | 1 Mailman | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636. | |||||
| CVE-2007-5190 | 1 Alcatel-lucent | 1 Omnivista | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI. | |||||