Export limit exceeded: 361388 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46939 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0828 | 1 Atutor | 1 Atutor | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile. | ||||
| CVE-2007-6486 | 1 Geek-palace.com | 1 Lineshout | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0454 | 2 Microsoft, Skype Technologies | 3 Internet Explorer, Windows, Skype | 2026-04-23 | N/A |
| Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." | ||||
| CVE-2008-0866 | 1 Bea | 1 Weblogic Workshop | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows. | ||||
| CVE-2007-3954 | 2 Microsoft, Mozilla | 2 Internet Explorer, Seamonkey | 2026-04-23 | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | ||||
| CVE-2007-6110 | 2 Htdig, Redhat | 2 Htdig, Enterprise Linux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | ||||
| CVE-2007-6560 | 1 Logaholic | 1 Logaholic | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php. | ||||
| CVE-2007-6156 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters. | ||||
| CVE-2007-6569 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246. | ||||
| CVE-2007-6570 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309. | ||||
| CVE-2008-0899 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page. | ||||
| CVE-2007-6616 | 1 Simpleforum | 1 Simpleforum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchkey parameter in a search action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6617 | 1 Atlassian | 1 Jira | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5119 | 1 Scripts4profit | 1 Dxshopcart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2008-5126 | 1 Boutikone | 1 Boutikone Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | ||||
| CVE-2008-0909 | 1 Schoolwires | 1 Academic Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-0331 | 2 Stefan Tannhaeuser, Typo3 | 2 Tv21 Talkshow, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0347 | 1 Typo3 | 2 Typo3, Vd Gemomap | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0357 | 1 Ibm | 1 Lotus Web Content Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2007-6673 | 1 Makale Scripti | 1 Makale Scripti | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action. | ||||