Search Results (83810 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4711 1 Www.toms-seiten.at 1 Toms Gaestebuch 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a show action to (a) form.php; the (4) language and (5) anzeigebreite parameters to (b) admin/header.php; and the (6) msg parameter to (c) install.php, different vectors than CVE-2006-0706.
CVE-2007-5303 1 Snewscms 1 Snewscms Rus 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.
CVE-2007-6407 1 Ibm 1 Tivoli Provisioning Manager Express 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing."
CVE-2009-2217 1 Phantom-inker 1 Nbbc 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag.
CVE-2008-2379 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
CVE-2007-6695 1 Drake Team 1 Drake Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter.
CVE-2008-0780 1 Moinmoin 1 Moinmoin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.
CVE-2007-4779 1 Joomla 1 Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
CVE-2008-0462 1 Drupal 2 Archive Module, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2211 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-0892 1 Redhat 2 Directory Server, Fedora Directory Server 2026-04-23 N/A
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
CVE-2007-5730 4 Debian, Qemu, Redhat and 1 more 4 Debian Linux, Qemu, Enterprise Linux and 1 more 2026-04-23 N/A
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
CVE-2007-5727 1 Oneorzero 1 Oneorzero Helpdesk 2026-04-23 N/A
Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.
CVE-2007-6588 1 Phpcredo 1 Phcdownload 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0474 1 Manageengine 1 Applications Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1482 1 Liqua 1 Wbblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd.
CVE-2008-2035 2 Bluemoon, Xoops 7 Backpack, Bmsurvey, Newbb Fileup and 4 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4438 1 Datafeed Studio 1 Datafeed Studio 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0749 1 Calimero.cms 1 Calimero.cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.
CVE-2007-5980 1 Eggblog 1 Eggblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).