Export limit exceeded: 362450 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47000 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2820 2 Apple, Redhat 3 Mac Os X, Mac Os X Server, Enterprise Linux 2026-04-23 N/A
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
CVE-2007-6365 1 Bcoos 1 Event Calendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the day and year vectors are covered by CVE-2007-6274.
CVE-2008-6620 1 Grafxsoftware 1 Minicwb 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters.
CVE-2007-6364 1 Jlmforo System 1 Jlmforo System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature.
CVE-2008-6616 1 Zen-cart 1 Zen Cart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6609 1 Ott 1 Phpcksec 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2008-6607 1 Matpo 1 Matpo Link 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter.
CVE-2007-6346 1 Rainboard 1 Rainboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6343 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6589 2 Lightneasy, Sqlite 2 Lightneasy, Sqlite 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
CVE-2007-6244 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
CVE-2007-6243 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
CVE-2007-6232 8 Ftp, Hp, Ibm and 5 more 9 Admin, Hp-ux, Tru64 and 6 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
CVE-2008-6259 1 Quadcomm 1 Q-shop 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter.
CVE-2007-5924 1 Ibm 1 Lotus Domino 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1501 2 Drupal, Exif 2 Drupal, Exif 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.
CVE-2008-3730 1 Nordicwind 2 Noah, Nordicwind Document Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3735 1 Phpizabi 1 Phpizabi 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action.
CVE-2007-5923 1 Broadcom 1 Etrust Siteminder 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.
CVE-2008-3739 2 Spacetag, System Consultants 2 Lacoodast, La Cooda Wiz 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences.