Export limit exceeded: 47293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47293 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1547 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. | ||||
| CVE-2006-0860 | 1 Michael Salzer | 1 Guestbox | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors. | ||||
| CVE-2006-1918 | 1 Papoo | 1 Papoo | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php. | ||||
| CVE-2002-2347 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | ||||
| CVE-2003-1522 | 1 Pscs | 1 Vpop3 Web Mail Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page. | ||||
| CVE-2006-4299 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2003-1519 | 1 Vivisimo | 1 Clustering Engine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program. | ||||
| CVE-2003-1549 | 1 Myabracadaweb | 1 Myabracadaweb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter. | ||||
| CVE-2002-2386 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | ||||
| CVE-2006-0896 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field. | ||||
| CVE-2005-0896 | 1 Accomplishtechnology | 1 Phpmydirectory | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter. | ||||
| CVE-2006-4067 | 1 Cakephp | 1 Cakephp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2004-1875 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10. | ||||
| CVE-2004-2741 | 1 Horde | 1 Application Framework | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. | ||||
| CVE-2004-2738 | 1 Zeroboard | 1 Zeroboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | ||||
| CVE-2004-2735 | 1 Fredric Fredricson | 1 P4db | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7) EXLABEL, (8) STATUS, (9) MAXCH, (10) FIRSTCH, (11) CHOFFSETDISP, (12) SEARCHDESC, (13) SEARCH_INVERT, (14) USER, (15) GROUP, and (16) CLIENT parameters in changeList.cgi; (17) CH parameter in changeView.cgi; (18) USER parameter in clientList.cgi; (19) CLIENT parameter in clientView.cgi; (20) FSPC parameter in depotTreeBrowser.cgi; (21) FSPC parameter in depotStats.cgi; (22) FSPC, (23) REV, (24) ACT, (25) FSPC2, (26) REV2, (27) CH, and (28) CONTEXT parameters in fileDiffView.cgi; (29) FSPC and (30) REV parameters in fileDownLoad.cgi; (31) FSPC, (32) LISTLAB, and (33) SHOWBRANCH parameters in fileLogView.cgi; (34) FSPC and (35) LABEL parameters in fileSearch.cgi; (36) FSPC, (37) REV, and (38) FORCE parameters in fileViewer.cgi; (39) FSPC parameter in filesChangedSince.cgi; (40) GROUP parameter in groupView.cgi; (41) TYPE, (42) FSPC, and (43) REV parameters in htmlFileView.cgi; (44) CMD parameter in javaDataView.cgi; (45) JOBVIEW and (46) FLD parameters in jobList.cgi; (47) JOB parameter in jobView.cgi; (48) LABEL1 and (49) LABEL2 parameters in labelDiffView.cgi; (50) LABEL parameter in labelView.cgi; (51) FSPC parameter in searchPattern.cgi; (52) TYPE, (53) FSPC, and (54) REV parameters in specialFileView.cgi; (55) GROUPSONLY parameter in userList.cgi; or (56) USER parameter in userView.cgi. | ||||
| CVE-2004-2725 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php. | ||||
| CVE-2004-2704 | 2 Hastymail, Microsoft | 2 Hastymail, Internet Explorer | 2026-04-16 | N/A |
| Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks. | ||||
| CVE-2004-1417 | 1 Psychostats | 1 Psychostats | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. | ||||
| CVE-2004-1924 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php. | ||||