Search Results (47100 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5724 1 Omnistar Interactive 1 Omnistar Live 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php.
CVE-2009-4461 1 Flatpress 1 Flatpress 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php.
CVE-2008-0398 1 Aflog 1 Aflog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.
CVE-2007-6526 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
CVE-2008-0574 1 Webspell 1 Webspell 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.
CVE-2008-7213 2 Brilaps, Mambo-foundation 2 Mostlyce, Mambo 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
CVE-2008-7222 1 Runcms 1 Runcms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action.
CVE-2008-4149 1 Drupal 1 Link To Us 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field.
CVE-2008-0200 1 Medialand 1 Rotabanner Local 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter.
CVE-2007-6343 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3311 1 Rssmediascript 1 Rssmediascript 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2009-0814 1 Blogsa 1 Blogsa 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
CVE-2009-4400 2 Fr.simon Rundell, Typo3 2 Ste Parish Admin, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5562 1 Netgear 1 Ssl312 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page.
CVE-2008-0125 1 Phpstats 1 Phpstats 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.
CVE-2009-4384 1 Scriptsez 1 Ez Poll Hoster 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.
CVE-2007-3954 2 Microsoft, Mozilla 2 Internet Explorer, Seamonkey 2026-04-23 N/A
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.
CVE-2008-4634 1 Six Apart 1 Movable Type 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079.
CVE-2008-4637 1 Cpcommerce 1 Cpcommerce 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.
CVE-2007-5952 1 Helioscalendar 1 Helios Calendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.