Export limit exceeded: 15954 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47104 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47104 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1905 1 Pineapple Technologies 1 Quizshock 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<".
CVE-2009-4450 1 Livezilla 1 Livezilla 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl.
CVE-2009-4473 1 Ektron 1 Cms4000.net 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-3069 1 Mybb 1 Mybb 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
CVE-2009-1030 1 Wordpress 1 Wordpress Mu 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
CVE-2009-1047 1 Drupal 2 Drupal, Print 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.
CVE-2007-2801 1 Eticket 1 Eticket 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On."
CVE-2007-2811 1 Osk 1 Advance-flow 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3694 1 Getmiro 1 Broadcast Machine 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2009-4497 1 Malcom Box 1 Lxr Cross Referencer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program.
CVE-2007-3887 1 Asp Ziyaretci Defteri 1 Asp Ziyaretci Defteri 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta fields. NOTE: these probably correspond to the isim, mesaj, and posta parameters to save.php.
CVE-2007-3910 1 Bandersnatch 1 Bandersnatch 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs.
CVE-2008-3161 1 Ibm 1 Maximo 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4745 2 Joomla, Mambo 2 Akobook, Mambo Site Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
CVE-2007-4811 1 Netjuke 1 Netjuke 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php.
CVE-2007-4813 1 Domino Blogsphere 1 Domino Blogsphere 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4819 1 Txx Cms 1 Txx Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4828 1 Mediawiki 1 Mediawiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4836 1 Phpmyquote 1 Phpmyquote 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action.
CVE-2007-4862 1 Quirm 1 Saxon 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter.