Total
33280 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3156 | 1 Webmin | 2 Usermin, Webmin | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3137 | 1 Webmaster Solutions | 1 Wmscms | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect. | |||||
| CVE-2007-3064 | 1 Mealex | 1 My Datebook | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter. | |||||
| CVE-2007-3056 | 1 Websvn | 1 Websvn | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
| CVE-2007-3033 | 1 Microsoft | 1 Windows Vista | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone. | |||||
| CVE-2007-3008 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2024-11-21 | 4.3 MEDIUM | N/A |
| Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398. | |||||
| CVE-2007-2914 | 1 Psychostats | 1 Psychostats | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files. | |||||
| CVE-2007-2910 | 1 Jelsoft | 1 Vbulletin | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. | |||||
| CVE-2007-2811 | 1 Osk | 1 Advance-flow | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2801 | 1 Eticket | 1 Eticket | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On." | |||||
| CVE-2007-2745 | 1 Vdesk | 1 Webmail | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | |||||
| CVE-2007-2581 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Services, Windows 2003 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. | |||||
| CVE-2007-2524 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841. | |||||
| CVE-2007-2450 | 1 Apache | 1 Tomcat | 2024-11-21 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. | |||||
| CVE-2007-2401 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2024-11-21 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. | |||||
| CVE-2007-2400 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. | |||||
| CVE-2007-2391 | 1 Apple | 1 Safari | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. | |||||
| CVE-2007-2337 | 1 Oicgroup | 1 Exponent Cms | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. | |||||
| CVE-2007-2248 | 1 Phorum | 1 Phorum | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module. | |||||
| CVE-2007-2206 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter. | |||||