Search Results (47186 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3496 1 Php Handicapper 1 Php Handicapper 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.
CVE-2005-1669 1 Opera 1 Opera Browser 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.
CVE-2002-2378 1 Nakata 1 An Httpd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.
CVE-2002-2386 1 Xoops 1 Xoops 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.
CVE-2006-0175 1 Webwiz 1 Web Wiz Forums 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2004-1424 1 Moodle 1 Moodle 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2006-0806 1 John Lim 1 Adodb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
CVE-2004-1865 1 Bblog 1 Bblog 2026-04-16 4.8 Medium
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.
CVE-2006-3061 1 Review-script.com 1 Five Star Review Script 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php.
CVE-2006-0896 1 Simple Machines 1 Simple Machines Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.
CVE-2004-1924 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.
CVE-2006-3087 1 Ezgallery 1 Ezgallery 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) aname, (8) uid, (9) m, (10) gp, and (11) g parameter in (b) common/pupload.asp; and (12) msg, (13) fn and (14) gp parameter in (c) common/upload.asp.
CVE-2006-0996 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Stronghold 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
CVE-2005-4838 2 Apache, Redhat 3 Tomcat, Network Satellite, Rhel Application Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
CVE-2002-2364 1 Sourceforge 1 Php Ticket 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket.
CVE-2004-2756 1 Xoops 1 Xoops 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters.
CVE-2005-1006 1 Sonicwall 2 Soho, Soho Firmware 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
CVE-2006-3924 1 Dokeos 1 Dokeos 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-1898 1 Ralph Capper 1 Tinyphpforum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access to hash password" issue is already covered by CVE-2006-0103.
CVE-2006-3571 1 Papoo 1 Papoo 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.