Export limit exceeded: 47037 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 47037 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47037 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5011 | 1 Ibm | 2 Lotus, Lotus Domino | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860. | ||||
| CVE-2008-4672 | 1 Goodlyrics | 1 Lyrics Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4663 | 1 Kumacchi | 1 Ks Cgi Access Log | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3593 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500. | ||||
| CVE-2007-3386 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Rhel Application Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. | ||||
| CVE-2008-4349 | 1 S0nic | 1 Paranews | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action. | ||||
| CVE-2009-1801 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4336 | 1 Constantin Charissis | 1 Atomic Photo Album | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter. | ||||
| CVE-2009-1798 | 1 Apc | 2 Network Management Card, Switched Rack Pdu | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406. | ||||
| CVE-2009-1796 | 1 Sun | 1 Java System Portal Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page. | ||||
| CVE-2008-4320 | 1 Opennms.org | 1 Opennms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. | ||||
| CVE-2007-3156 | 1 Webmin | 2 Usermin, Webmin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1790 | 1 Cgi Rescue | 1 Rescue | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2009-1724 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. | ||||
| CVE-2007-2745 | 1 Vdesk | 1 Webmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | ||||
| CVE-2009-1715 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. | ||||
| CVE-2008-3880 | 1 Zoneminder | 1 Zoneminder | 2026-04-23 | N/A |
| SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. | ||||
| CVE-2007-2401 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. | ||||
| CVE-2007-2400 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2026-04-23 | N/A |
| Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. | ||||
| CVE-2008-3874 | 1 Lussumo | 1 Vanilla | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained from third party information. | ||||