Search Results (83805 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5214 1 Axis 1 2100 Network Camera 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
CVE-2008-7150 2 Ber Kessels, Drupal 2 Refine By Taxo, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags.
CVE-2006-7059 1 Scriptsez.net 1 E-dating System 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (&#0000039) in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php.
CVE-2008-0203 1 Wordpress 1 Cryptographp 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php.
CVE-2008-0201 1 Expressionengine 1 Expressionengine 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
CVE-2008-0134 1 Snitz Communications 1 Snitz Forums 2000 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.
CVE-2008-0093 1 Eticket 1 Eticket 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
CVE-2006-5451 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227.
CVE-2006-6882 1 Golden Book 1 Golden Book 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4862 1 Quirm 1 Saxon 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter.
CVE-2007-4698 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
CVE-2006-6401 1 Mystats 1 Mystats 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) details parameter.
CVE-2008-0239 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
CVE-2008-0155 1 Evilboard 1 Evilboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.
CVE-2008-0494 1 Endian 1 Firewall 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5291 1 Daniel Broadbent 1 Db Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-0274 1 Drupal 1 Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
CVE-2008-1222 1 Dokeos 1 Open Source Learning And Knowledge Management Tool 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-1224 1 Bosdev 1 Bosclassifieds Classified Ads 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in account.php in BosClassifieds Classified Ads System 3.0 allows remote attackers to inject arbitrary web script or HTML via the returnTo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1229 1 Jspwiki 1 Jspwiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.