Export limit exceeded: 10624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45719 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3858 | 1 Gejosoft | 1 Gejosoft | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags. | ||||
| CVE-2007-6726 | 2 Apache, Dojotoolkit | 2 Struts, Dojo | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/. | ||||
| CVE-2007-5121 | 1 Jspwiki | 1 Jspwiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to wiki-3/Login.jsp and unspecified other components. | ||||
| CVE-2007-5033 | 1 Phpbb Xs | 1 Phpbb Xs | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action. | ||||
| CVE-2007-3918 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. | ||||
| CVE-2007-6646 | 1 Integry Systems | 1 Livecart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete. | ||||
| CVE-2009-4406 | 1 Apc | 3 Aos, Ap7932 B2, Ap7932 B2 Firmware | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter. | ||||
| CVE-2007-4811 | 1 Netjuke | 1 Netjuke | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php. | ||||
| CVE-2007-5127 | 1 Simpgb | 1 Simpgb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php. | ||||
| CVE-2007-5136 | 1 Dragonfrugal | 1 Dfd Cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-2022 | 1 Pd9 Software | 1 Megabbs | 2026-04-23 | N/A |
| Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication. | ||||
| CVE-2009-1261 | 1 Webhelpdesk | 1 Web Help Desk | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5106 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter. | ||||
| CVE-2008-1892 | 1 Blogator Script | 1 Blogator Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bs_auth.php in Blogator-script 0.95 and 1.01 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1132 | 1 Mtcms | 1 Mtcms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields. | ||||
| CVE-2008-2413 | 1 Acgv.free | 1 Acgv News | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2008-1839 | 1 Work System E-commerce | 1 Work System E-commerce | 2026-04-23 | N/A |
| Multgiple cross-site scripting (XSS) vulnerabilities in module/main.php in WORK system e-commerce 4.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, and (3) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0092 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2008-1800 | 1 Divx | 1 Divxdb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1793 | 1 Hoffice | 3 Smart Classified Ads, Smart Photo Ads, Smart Photo Ads Gold | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||