Export limit exceeded: 361155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5051 | 1 Phpgedview | 1 Phpgedview | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5052 | 1 Itcms | 1 Vigile Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with (1) the title parameter or (2) a "title=" sequence in the PATH_INFO, or a request to the download module with (3) the cat parameter or (4) a "cat=" sequence in the PATH_INFO. | ||||
| CVE-2007-5088 | 1 Sisd | 1 Freeside | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi in Freeside 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the failed parameter. | ||||
| CVE-2007-5091 | 1 Egroupware | 1 Egroupware | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php. | ||||
| CVE-2008-0474 | 1 Manageengine | 1 Applications Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5112 | 1 Roi Revolution | 1 Urchin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords. | ||||
| CVE-2008-0494 | 1 Endian | 1 Firewall | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5136 | 1 Dragonfrugal | 1 Dfd Cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-0505 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. | ||||
| CVE-2007-5176 | 1 Grouplink | 1 Ehelpdesk | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5190 | 1 Alcatel-lucent | 1 Omnivista | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI. | ||||
| CVE-2007-5228 | 1 Drupal | 1 Drupal Project Issue Tracking | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving a (1) individual or (2) overview form. | ||||
| CVE-2007-5255 | 1 Google | 1 Mini Search Appliance | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI. | ||||
| CVE-2007-5304 | 1 Yannick Tanguy | 1 Else If Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php. | ||||
| CVE-2008-0552 | 1 Eticket | 1 Eticket | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2007-5312 | 1 Torrenttrader | 1 Torrenttrader | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php. | ||||
| CVE-2008-0576 | 1 Drupal | 1 Project Issue Tracking Module | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages. | ||||
| CVE-2007-5403 | 1 Layton Technology | 1 Helpbox | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit. | ||||
| CVE-2007-5411 | 1 Linksys | 1 Spa941 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message. | ||||
| CVE-2007-5455 | 1 Wwwisis | 1 Wwwisis | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a call to the iah/iah.xis IsisScript code, possibly involving the lang or exprSearch parameter. | ||||