Total
28962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2635 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php. | |||||
| CVE-2006-1417 | 1 Caloris Planitia Technologies | 1 Web Quiz Pro | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp. | |||||
| CVE-2005-2981 | 1 Orionserver | 1 Orion Application Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | |||||
| CVE-2006-1230 | 1 Belchior Foundry | 1 Vcard | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6. | |||||
| CVE-2006-4308 | 1 Blackboard | 3 Blackboard, Blackboard Learning And Community Portal Suite, Vista | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. | |||||
| CVE-2005-0896 | 1 Accomplishtechnology | 1 Phpmydirectory | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter. | |||||
| CVE-2006-2796 | 1 New-place | 1 Captivate | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. | |||||
| CVE-2003-0801 | 1 Nokia | 1 Electronic Documentation | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. | |||||
| CVE-2003-1353 | 1 Lanifex | 1 Outreach Project Tool | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field. | |||||
| CVE-2002-2321 | 1 Phplinkat | 1 Phplinkat | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter. | |||||
| CVE-2002-2377 | 1 Sephiroth32 | 1 Zap Book | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. | |||||
| CVE-2003-1479 | 1 Darkwet | 1 Webcam Xp | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field. | |||||
| CVE-2004-1863 | 1 Xmb Forum | 1 Xmb | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php. | |||||
| CVE-2003-1547 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. | |||||
| CVE-2003-0310 | 1 Ez | 1 Ez Publish | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script. | |||||
| CVE-2003-1506 | 1 Daniel Barron | 1 Dansguardian | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter. | |||||
| CVE-2000-1205 | 1 Apache | 1 Http Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant. | |||||
| CVE-2003-1348 | 1 Ftls | 1 Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field. | |||||
| CVE-2003-1556 | 1 Cgi City | 1 Cc Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters. | |||||
| CVE-2004-1924 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php. | |||||