Lucene search
+L

1195 matches found

Cvelist
Cvelist
added 2007/05/14 9:0 p.m.29 views

CVE-2007-1903

Cross-site scripting XSS vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter...

5.6AI score0.02051EPSS
Exploits1References8
Prion
Prion
added 2007/05/11 10:19 a.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in TutorialCMS aka Photoshop Tutorials 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 catFile parameter to a browseCat.php or b browseSubCat.php; the 2 id parameter to c openTutorial.php, d topFrame.php, o...

6.8CVSS6.1AI score0.02782EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2007/05/11 10:0 a.m.23 views

CVE-2007-2599

Multiple SQL injection vulnerabilities in TutorialCMS aka Photoshop Tutorials 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 catFile parameter to a browseCat.php or b browseSubCat.php; the 2 id parameter to c openTutorial.php, d topFrame.php, or e...

8.5AI score0.03726EPSS
Exploits0References12
Cvelist
Cvelist
added 2007/05/11 10:0 a.m.34 views

CVE-2007-2600

Multiple cross-site scripting XSS vulnerabilities in TutorialCMS aka Photoshop Tutorials 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 catFile parameter to a browseCat.php or b browseSubCat.php; the 2 id parameter to c openTutorial.php, d topFrame.php, o...

5.8AI score0.02782EPSS
Exploits0References10
Prion
Prion
added 2007/05/09 9:19 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via 1 the formmail parameter to contact/contact/index.php; the 2 formmods or 3 formsearchterm parameter to search/list/actionsearch/index.php; 4 the id parameter to...

5.8CVSS6.1AI score0.01562EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2007/04/13 6:19 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id...

4.3CVSS6.1AI score0.01965EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2007/04/13 6:0 p.m.31 views

CVE-2007-1872

Cross-site scripting XSS vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id...

5.6AI score0.01965EPSS
Exploits1References8
Prion
Prion
added 2007/03/20 10:19 a.m.22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via 1 the email Subject header in thread.php, 2 the editquery parameter in search.php, or other unspecified parameters in search.php. NOTE:...

4.3CVSS6.1AI score0.02368EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2007/03/20 12:0 a.m.9 views

PT-2007-2909 · Php Nuke · Php-Nuke

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 8.0 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module. Recommendations: For PHP-Nuk...

4.3CVSS5.5AI score0.01125EPSS
Exploits1References7
Cvelist
Cvelist
added 2007/01/30 6:0 p.m.18 views

CVE-2007-0595

Cross-site scripting XSS vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter aka the search box...

5.7AI score0.01065EPSS
Exploits0References5
NVD
NVD
added 2007/01/09 6:28 p.m.14 views

CVE-2007-0141

Cross-site scripting XSS vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter...

6.8CVSS5.7AI score0.01402EPSS
Exploits0References7
NVD
NVD
added 2007/01/09 2:28 a.m.16 views

CVE-2007-0121

Cross-site scripting XSS vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

6.8CVSS5.7AI score0.02136EPSS
Exploits1References7
NVD
NVD
added 2006/11/26 10:7 p.m.13 views

CVE-2006-6111

Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 productid parameter in product.asp or 2 search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873...

7.5CVSS8.4AI score0.01998EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2006/11/26 12:0 a.m.4 views

PT-2006-6748 · Unknown · A-Cart Pro

Name of the Vulnerable Software and Affected Versions: A-Cart Pro version 2.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the productid parameter in "product.asp" or the search parameter in "search.asp". Recommendations: For A-Cart Pr...

7.5CVSS7.8AI score0.01998EPSS
Exploits1References11
CVE
CVE
added 2006/11/24 6:0 p.m.42 views

CVE-2006-6082

CVE-2006-6082 affects the CreaScripts Creadirectory component. The documented issue is multiple XSS vulnerabilities that allow remote attackers to inject arbitrary script or HTML via the (1) cat parameter to addlisting.asp or (2) the search parameter to search.asp. The root cause is insufficient ...

4.3CVSS6AI score0.01906EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2006/11/24 12:0 a.m.7 views

PT-2006-6739 · Unknown · Activenews Manager

Name of the Vulnerable Software and Affected Versions: ActiveNews Manager affected versions not specified Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited...

7.5CVSS8AI score0.03591EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2006/11/24 12:0 a.m.6 views

PT-2006-6735 · Baal · Baalasp Forum

Name of the Vulnerable Software and Affected Versions: BaalAsp forum affected versions not specified Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited through...

7.5CVSS8.1AI score0.01468EPSS
Exploits1References9
Cvelist
Cvelist
added 2006/11/08 8:0 p.m.17 views

CVE-2006-5799

Multiple cross-site scripting XSS vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the 1 contid or 2 search parameters...

5.8AI score0.01446EPSS
Exploits0References7
CVE
CVE
added 2006/10/04 12:0 a.m.38 views

CVE-2006-5164

CVE-2006-5164 affects Sum Effect Software digiSHOP 4.0. Vulnerable component: cart.php. Type: cross-site scripting (XSS). Vectors: remote attackers can craft requests using the (1) sortBy or (2) search parameters to inject arbitrary web script/HTML. Impact: potential script execution in the victi...

6.8CVSS6AI score0.02106EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2006/09/21 1:7 a.m.8 views

CVE-2006-4923

Cross-site scripting XSS vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter...

4.3CVSS5.7AI score0.04366EPSS
Exploits1References6
Rows per page
Query Builder