CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6657 matches found

Prion•added 2007/05/22 7:30 p.m.•10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 brand and 2 Msg parameters...

4.3CVSS5.9AI score0.00507EPSS

Exploits0References6Affected Software1

Prion•added 2007/05/22 7:30 p.m.•10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 galixcatdetail, 2 galixgaldetail, and 3 galixcatdetailsort parameters...

5.8CVSS6.1AI score0.02168EPSS

Exploits1References4Affected Software1

Cvelist•added 2007/05/22 7:0 p.m.•17 views

CVE-2007-2812

Cross-site scripting XSS vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO or 2 the action parameter...

5.6AI score0.02549EPSS

Exploits1References10

Cvelist•added 2007/05/22 7:0 p.m.•16 views

CVE-2007-2806

5.8AI score0.02168EPSS

Exploits1References4

NVD•added 2007/05/22 12:30 a.m.•13 views

CVE-2007-2790

Cross-site scripting XSS vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter...

6.8CVSS5.8AI score0.02428EPSS

Exploits0References9

NVD•added 2007/05/17 8:30 p.m.•12 views

CVE-2007-2745

Cross-site scripting XSS vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter...

4.3CVSS5.7AI score0.00346EPSS

Exploits0References4

OSV•added 2007/05/17 7:30 p.m.•4 views

CVE-2007-2739

Cross-site scripting XSS vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.5AI score

Exploits0References8

CVE•added 2007/05/17 7:0 p.m.•57 views

CVE-2007-2739

CVE-2007-2739 is an XSS vulnerability in the php-xajax library prior to version 0.2.5. The root cause is insufficient input sanitising, allowing remote attackers to craft malicious URLs to inject arbitrary script/HTML in a victim’s browser. Public advisories (Debian DSA-1692-1) note the issue as ...

4.3CVSS5.5AI score0.00527EPSS

Exploits0References7Affected Software1

Cvelist•added 2007/05/16 10:0 p.m.•20 views

CVE-2007-2732

Multiple cross-site scripting XSS vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter to view/search/; or the 2 companyname, 3 country, 4 email, 5 firstname, 6 middlename, 7 required, 8 surname, or 9 title parameter to...

5.8AI score0.12779EPSS

Exploits0References6

EUVD•added 2007/05/16 10:0 p.m.•4 views

EUVD-2007-2724

6.8CVSS5.8AI score0.12779EPSS

Exploits0References6

NVD•added 2007/05/16 1:19 a.m.•16 views

CVE-2007-2694

Multiple cross-site scripting XSS vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.00527EPSS

Exploits0References4

Prion•added 2007/05/14 11:19 p.m.•11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to 1 settings.php or 2 cat.php. NOTE: certain parameter values also trigger path disclosure...

4.3CVSS6AI score0.008EPSS

Exploits0References7Affected Software1

Cvelist•added 2007/05/14 11:0 p.m.•16 views

CVE-2007-2669

5.7AI score0.008EPSS

Exploits0References7

NVD•added 2007/05/10 12:19 a.m.•26 views

CVE-2006-7196

Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...

4.3CVSS5.6AI score0.79909EPSS

Exploits0References20

Prion•added 2007/05/10 12:19 a.m.•47 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a hash in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and 1 whstart.js...

4.3CVSS6.1AI score0.03931EPSS

Exploits0References9Affected Software2

NVD•added 2007/05/09 12:19 a.m.•12 views

CVE-2007-2532

Multiple cross-site scripting XSS vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO query string to 1 sendmail.php or 2 orderform.php, different vectors than CVE-2006-6734...

4.3CVSS5.6AI score0.11373EPSS

Exploits1References6

Debian CVE•added 2007/05/08 11:0 p.m.•28 views

CVE-2007-2524

Cross-site scripting XSS vulnerability in index.pl in Open Ticket Request System OTRS 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, b...

4.3CVSS5.6AI score0.05802EPSS

Exploits1

Prion•added 2007/05/04 12:19 a.m.•10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the movieid parameter to loan.php or 2 the s parameter to listmovies.php...

6.8CVSS6.1AI score0.01631EPSS

Exploits0References7Affected Software1

NVD•added 2007/05/02 11:19 p.m.•14 views

CVE-2007-2472

Cross-site scripting XSS vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

4.3CVSS5.6AI score0.00493EPSS

Exploits1References3

Cvelist•added 2007/05/02 11:0 p.m.•19 views

CVE-2007-2472

5.6AI score0.00493EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by