Export limit exceeded: 47126 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47126 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2330 | 1 Uninet | 1 Statsplus | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers. | ||||
| CVE-2002-2321 | 1 Phplinkat | 1 Phplinkat | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter. | ||||
| CVE-2004-1424 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2006-0706 | 1 Gastebuch | 1 Gastebuch | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter. | ||||
| CVE-2006-3087 | 1 Ezgallery | 1 Ezgallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) aname, (8) uid, (9) m, (10) gp, and (11) g parameter in (b) common/pupload.asp; and (12) msg, (13) fn and (14) gp parameter in (c) common/upload.asp. | ||||
| CVE-2002-2378 | 1 Nakata | 1 An Httpd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page. | ||||
| CVE-2002-2377 | 1 Sephiroth32 | 1 Zap Book | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. | ||||
| CVE-2006-2951 | 1 Npds | 1 Npds | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php. | ||||
| CVE-2005-4060 | 1 Rainworx | 1 Rwauction Pro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. | ||||
| CVE-2005-3803 | 1 Cisco | 2 Unified Wireless Ip Phone 7920, Unified Wireless Ip Phone 7920 Firmware | 2026-04-16 | 7.5 High |
| Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2005-0543 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. | ||||
| CVE-2006-0663 | 1 Ibm | 1 Lotus Domino Inotes Client | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. | ||||
| CVE-2006-0208 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | ||||
| CVE-2006-4038 | 1 Chaossoft | 1 Gaestechaos | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters. | ||||
| CVE-2004-1417 | 1 Psychostats | 1 Psychostats | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. | ||||
| CVE-2006-1750 | 1 Jmb Software | 1 Autogallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters. | ||||
| CVE-2006-2800 | 1 Unak | 1 Unak Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. NOTE: this might be resultant from SQL injection. | ||||
| CVE-2005-4386 | 1 Colony | 4 Colony Cms, Colony E-commerce Cms, Colony Enterprise Cms and 1 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | ||||
| CVE-2006-1760 | 1 Jetphotosoft.com | 1 Jetphoto | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. | ||||
| CVE-2006-1826 | 1 Snipegallery | 1 Snipe Gallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection. | ||||