CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

272 matches found

Cvelist•added 2007/08/14 10:0 p.m.•20 views

CVE-2007-3891

Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes...

7.4AI score0.55743EPSS

Exploits1References8

Cvelist•added 2007/08/14 10:0 p.m.•23 views

CVE-2007-3033

Cross-site scripting XSS vulnerability in Windows Vista Feed Headlines Gadget aka Sidebar RSS Feeds Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zo...

6.1AI score0.58515EPSS

Exploits1References9

RedHat Linux•added 2007/03/02 6:27 p.m.•1 views

security flaw

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions...

4.3CVSS7.4AI score0.02184EPSS

Exploits0References4

Mozilla•added 2007/02/23 12:0 a.m.•37 views

Improvements to help protect against Cross-Site Scripting attacks — Mozilla

Firefox 2.0.0.2 and 1.5.0.10 contain several small changes that will make it easier for sites to protect their visitors against Cross-Site Scripting XSS attacks. Invalid trailing characters in HTML tag attributes The Mozilla parser formerly ignored invalid trailing characters in HTML tag attribut...

5.8CVSS8AI score0.02609EPSS

Exploits0References11Affected Software2

Debian CVE•added 2005/06/08 4:0 a.m.•26 views

CVE-2005-1888

Cross-site scripting XSS vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates...

4.3CVSS5.7AI score0.00364EPSS

Exploits0

Tenable Nessus•added 2005/06/07 12:0 a.m.•30 views

MediaWiki < 1.3.13 / 1.4.5 / 1.5.0 alpha2 Page Template Inclusions HTML Attributes XSS

According to its self-reported version number, the installation of MediaWiki running on the remote host is affected by a cross-site scripting vulnerability due to a failure to sanitize user-supplied input passed to certain HTML attributes when including a template inside a style directive when...

4.3CVSS5.9AI score0.00364EPSS

Exploits0References2

NVD•added 2005/06/06 4:0 a.m.•20 views

CVE-2005-1888

Cross-site scripting XSS vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates...

4.3CVSS5.6AI score0.00364EPSS

Exploits0References3

OSV•added 2005/06/06 4:0 a.m.•1 views

DEBIAN-CVE-2005-1888

Cross-site scripting XSS vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates...

4.3CVSS6.1AI score0.00364EPSS

Exploits0References1

Exploit DB•added 2004/12/15 12:0 a.m.•24 views

Vilistextum 2.6.6 - HTML Attribute Parsing Buffer Overflow

source: https://www.securityfocus.com/bid/11979/info Vilistextum is prone to a buffer overflow vulnerability. This issue is exposed when the application parses HTML attributes while converting an HTML file to text/ASCII. Since HTML files will likely originate from an external or untrusted source,...

7AI score

Exploits0

exploitpack•added 2002/07/19 12:0 a.m.•23 views

Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting

Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting source: https://www.securityfocus.com/bid/5270/info A cross site scripting vulnerability has been reported for Geeklog. Reportedly, Geeklog does not properly sanitize user supplied input before being included when posting comments or writing...

Exploits0