CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3220 matches found

NVD•added 2006/01/11 9:3 p.m.•9 views

CVE-2006-0165

Cross-site scripting XSS vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 gamma allows remote attackers to inject arbitrary Javascript via the 1 url and 2 name field of the default email form...

4.3CVSS5.9AI score0.00427EPSS

Exploits0References5

Prion•added 2006/01/10 11:3 a.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI...

4.3CVSS6.3AI score0.00704EPSS

Exploits1References6Affected Software1

Prion•added 2006/01/10 11:3 a.m.•7 views

Cross site scripting

Cross-site scripting XSS vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in 1 addpost1.php and 2 addtopic1.php...

4.3CVSS6.4AI score0.00763EPSS

Exploits1References7Affected Software1

Cvelist•added 2006/01/10 11:0 a.m.•19 views

CVE-2006-0155

5.9AI score0.00704EPSS

Exploits1References6

Packet Storm•added 2005/11/08 12:0 a.m.•36 views

namesXSS.txt

names.co.uk is an English registrar and web hosting company. Their frames-based hosting option has an XSS vulnerability allowing injection of arbitrary Javascript. For example: http://www.weddingbiz.co.uk/%22%3E%3Cframe%20src%3D%22javascript%3Aalert%281%29%22%20 According to webhosting.info,...

7.4AI score

Exploits0

OpenVAS•added 2005/11/03 12:0 a.m.•13 views

Horde 3.0 XSS Vulnerability

Horde is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS6AI score0.00504EPSS

Exploits1References2

NVD•added 2005/08/17 4:0 a.m.•11 views

CVE-2005-2595

Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...

4.3CVSS6.2AI score0.0038EPSS

Exploits0References3

Cvelist•added 2005/08/17 4:0 a.m.•21 views

CVE-2005-2595

Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...

6.2AI score0.0038EPSS

Exploits0References3

Cvelist•added 2005/07/10 4:0 a.m.•17 views

CVE-2004-2174

Cross-site scripting XSS vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter...

5.8AI score0.01105EPSS

Exploits1References9

NVD•added 2005/05/18 4:0 a.m.•8 views

CVE-2005-1659

Cross-site scripting XSS vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." triple dot followed by an onmouseover event...

4.3CVSS5.8AI score0.00656EPSS

Exploits1References2

Cvelist•added 2005/05/16 4:0 a.m.•15 views

CVE-2005-1592

Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript...

6.8AI score0.00664EPSS

Exploits1References2

UbuntuCve•added 2005/05/09 4:0 a.m.•26 views

CVE-2005-1477

The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as...

5.1CVSS6.1AI score0.41646EPSS

Exploits1References1

NVD•added 2005/05/09 4:0 a.m.•18 views

CVE-2005-1477

5.1CVSS6.5AI score0.41646EPSS

Exploits1References19

UbuntuCve•added 2005/05/09 4:0 a.m.•28 views

CVE-2005-1476

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477...

5.1CVSS6.6AI score0.4976EPSS

Exploits1References1

CVE•added 2005/05/09 4:0 a.m.•70 views

CVE-2005-1477

CVE-2005-1477 describes an arbitrary JavaScript execution flaw in Firefox 1.0.3 via the installer’s IconURL handling, enabling code execution with chrome privileges when a trusted extension install site (e.g., update.mozilla.org/addon.mozilla.org) is used, potentially chaining with CVE-2005-1476....

5.1CVSS6.4AI score0.41646EPSS

Exploits1References19Affected Software1

NVD•added 2005/05/02 4:0 a.m.•5 views

CVE-2005-1068

Cross-site scripting XSS vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via url tags...

4.3CVSS6.3AI score0.00483EPSS

Exploits0References5

NVD•added 2005/05/02 4:0 a.m.•16 views

CVE-2005-1158

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...

5CVSS6.4AI score0.00857EPSS

Exploits0References7

NVD•added 2005/05/02 4:0 a.m.•9 views

CVE-2005-0778

PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif...

5CVSS6.9AI score0.00392EPSS

Exploits0References4

Cvelist•added 2005/04/18 4:0 a.m.•19 views

CVE-2005-1158

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...

6.3AI score0.00857EPSS

Exploits0References7

Cvelist•added 2005/04/12 4:0 a.m.•9 views

CVE-2005-1068

Cross-site scripting XSS vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via url tags...

6.3AI score0.00483EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by