Export limit exceeded: 363125 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47123 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0364 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript". | ||||
| CVE-2006-0442 | 1 Mybb | 1 Mybb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219. | ||||
| CVE-2005-0477 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. | ||||
| CVE-2005-0485 | 1 Phparena | 1 Panews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter. | ||||
| CVE-2005-1619 | 1 Phpheaven | 1 Phpmychat | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected. | ||||
| CVE-2002-2246 | 1 Deerfield | 1 Visnetic Website | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page. | ||||
| CVE-2005-1486 | 1 Fishnet | 1 Fishcart | 2026-04-16 | N/A |
| Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable. | ||||
| CVE-2005-0563 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc
ript:") in an IMG tag. | ||||
| CVE-2006-0535 | 1 Communityserver.org | 1 Community Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Community Server allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: this candidate does not contain any actionable or distinguishing information. Perhaps it should not be included in CVE. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-3756 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6). | ||||
| CVE-2006-3918 | 4 Apache, Canonical, Debian and 1 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2026-04-16 | N/A |
| http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | ||||
| CVE-2006-4038 | 1 Chaossoft | 1 Gaestechaos | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters. | ||||
| CVE-2006-0857 | 1 E107 | 2 Chatbox Plugin, E107 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. | ||||
| CVE-2006-0842 | 1 Calacode | 1 Atmail Webmail System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0706 | 1 Gastebuch | 1 Gastebuch | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter. | ||||
| CVE-2003-1467 | 4 Linux, Microsoft, Phorum and 1 more | 4 Linux Kernel, All Windows, Phorum and 1 more | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-3761 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". | ||||
| CVE-2003-1479 | 1 Darkwet | 1 Webcam Xp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field. | ||||
| CVE-2005-4583 | 1 Vmware | 1 Esx | 2026-04-16 | N/A |
| Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | ||||
| CVE-2003-1453 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag. | ||||