CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

242 matches found

Prion•added 2006/06/12 8:6 p.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations...

4.3CVSS6.2AI score0.00558EPSS

Exploits0References6Affected Software1

Prion•added 2006/06/05 5:2 p.m.•13 views

Cross site scripting

Cross-site scripting XSS vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element...

4.3CVSS6.2AI score0.00427EPSS

Exploits0References5Affected Software1

Prion•added 2006/06/05 5:2 p.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in Lycos Tripod htmlGEAR guestGEAR aka Guest Gear allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...

6.8CVSS6.1AI score0.00411EPSS

Exploits0References2

CVE•added 2006/06/05 5:0 p.m.•36 views

CVE-2006-2808

CVE-2006-2808 is a cross-site scripting vulnerability in Lycos Tripod htmlGEAR guestGEAR (Guest Gear). An attacker can inject arbitrary script via a guestbook post containing a javascript URI in the SRC attribute of a BR element after an extra "iframe" tagname and a double ">", potentially byp...

6.8CVSS5.7AI score0.00411EPSS

Exploits0References2Affected Software1

Cvelist•added 2006/06/05 5:0 p.m.•11 views

CVE-2006-2808

5.7AI score0.00411EPSS

Exploits0References2

Prion•added 2006/05/30 10:2 a.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element...

4.3CVSS6.1AI score0.00558EPSS

Exploits0References6Affected Software1

NVD•added 2006/05/30 10:2 a.m.•10 views

CVE-2006-2637

Cross-site scripting XSS vulnerability in view.php in TuttoPhp 1 Morris Guestbook 1, 2 Pretty Guestbook 1, and 3 Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter...

4.3CVSS5.7AI score0.0127EPSS

Exploits0References14

Prion•added 2006/05/30 10:2 a.m.•10 views

Cross site scripting

4.3CVSS6.1AI score0.0127EPSS

Exploits0References14

Cvelist•added 2006/05/30 10:0 a.m.•15 views

CVE-2006-2639

5.7AI score0.00558EPSS

Exploits0References6

Cvelist•added 2006/05/30 10:0 a.m.•14 views

CVE-2006-2637

5.7AI score0.0127EPSS

Exploits0References14

Prion•added 2006/05/10 2:14 a.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php...

4.3CVSS6.2AI score0.00527EPSS

Exploits0References7Affected Software1

Cvelist•added 2006/05/09 11:0 p.m.•16 views

CVE-2006-2282

5.8AI score0.00527EPSS

Exploits0References7

CVE•added 2006/05/09 11:0 p.m.•48 views

CVE-2006-2282

The CVE-2006-2282 entry describes an XSS vulnerability in X7 Chat 2.0.2 and earlier where a crafted javascript: URI in the avatar URL (likely related to the avatar parameter in register.php) allows remote attackers to inject arbitrary web script or HTML. Public details include a CVSS v2 base scor...

4.3CVSS5.8AI score0.00527EPSS

Exploits0References7Affected Software1

RedHat Linux•added 2006/04/21 3:41 p.m.•2 views

security flaw

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

9.3CVSS5.8AI score0.35997EPSS

Exploits1References4

NVD•added 2006/03/22 1:2 a.m.•9 views

CVE-2006-1344

Cross-site scripting XSS vulnerability in VeriSign haydn.exe, as used in Managed PKI MPKI 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTMLFILE parameter...

4.3CVSS5.6AI score0.00864EPSS

Exploits1References7

Prion•added 2006/03/22 1:2 a.m.•11 views

Cross site scripting

4.3CVSS6.1AI score0.00864EPSS

Exploits1References7Affected Software1

CVE•added 2006/03/22 1:0 a.m.•46 views

CVE-2006-1344

CVE-2006-1344 describes a cross-site scripting (XSS) flaw in VeriSign’s haydn.exe CGI used by MPKI 6.0. The vulnerability stems from lack of input validation in the VHTML_FILE parameter, allowing an attacker to inject arbitrary HTML/JavaScript that is returned to the user’s browser. CORE Security...

4.3CVSS5.6AI score0.00864EPSS

Exploits1References7Affected Software1

NVD•added 2006/03/19 2:2 a.m.•8 views

CVE-2006-1264

Cross-site scripting XSS vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag...

4.3CVSS5.6AI score0.00521EPSS

Exploits1References5

Prion•added 2006/03/19 2:2 a.m.•13 views

Cross site scripting

Cross-site scripting XSS vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag...

4.3CVSS6.1AI score0.00521EPSS

Exploits1References5Affected Software1

CVE•added 2006/03/19 2:0 a.m.•45 views

CVE-2006-1264

CVE-2006-1264 affects xhawk.net discussion 2.0 beta2. The issue is a Cross-site scripting (XSS) vulnerability where a Javascript URI in a BBCode img tag can be exploited to inject arbitrary script/HTML. The core problem is user-supplied content within a BBCode image tag not properly sanitized, en...

4.3CVSS5.7AI score0.00521EPSS

Exploits1References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by