CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6657 matches found

Prion•added 2007/03/22 11:19 p.m.•24 views

Cross site scripting

Cross-site scripting XSS vulnerability in servlet/Spy in Dynamic Monitoring Services DMS in Oracle Application Server OAS 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563...

4.3CVSS5.5AI score0.34452EPSS

Exploits0References8Affected Software1

NVD•added 2007/03/22 6:19 p.m.•19 views

CVE-2007-0240

Cross-site scripting XSS vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request...

4.3CVSS5.5AI score0.00804EPSS

Exploits0References9

NVD•added 2007/03/21 9:19 p.m.•13 views

CVE-2007-1576

Multiple cross-site scripting XSS vulnerabilities in PHProjekt 5.2.0, when magicquotesgpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 Projects, 2 Contacts, 3 Helpdesk, 4 Search only Gecko engine driven Browsers, and 5 Notes...

4.3CVSS5.4AI score0.01162EPSS

Exploits0References14

Prion•added 2007/03/20 10:19 p.m.•15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via 1 the signature in "dans profile," or 2 search.php...

4.3CVSS6AI score0.00804EPSS

Exploits0References9Affected Software1

CVE•added 2007/03/20 10:0 p.m.•48 views

CVE-2007-1551

CVE-2007-1551 affects phpx 3.5.15 with multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile" and (2) search.php. The affected software is phpx 3.5.15; root cause details are not spelled...

4.3CVSS5.8AI score0.00804EPSS

Exploits0References9Affected Software1

Cvelist•added 2007/03/20 10:0 a.m.•26 views

CVE-2007-1515

Multiple cross-site scripting XSS vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via 1 the email Subject header in thread.php, 2 the editquery parameter in search.php, or other unspecified parameters in search.php. NOTE:...

5.9AI score0.01187EPSS

Exploits1References7

Prion•added 2007/03/19 10:19 p.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in PORTAL.wwvmain.renderwarningscreen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the 1 poldurl and 2 pnewurl parameters...

4.3CVSS5.9AI score0.14916EPSS

Exploits0References5

NVD•added 2007/03/16 9:19 p.m.•18 views

CVE-2007-1482

Cross-site scripting XSS vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the eid parameter in a viewentry cmd...

4.3CVSS5.7AI score0.04287EPSS

Exploits0References5

Cvelist•added 2007/03/10 10:0 p.m.•24 views

CVE-2007-1405

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

5.5AI score0.00427EPSS

Exploits0References5

NVD•added 2007/03/03 8:19 p.m.•18 views

CVE-2007-1248

Multiple cross-site scripting XSS vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 cid, 2 uid, and 3 nid parameters to a news.php, and the nid parameter to b rating.php...

4.3CVSS5.8AI score0.04887EPSS

Exploits1References6

Prion•added 2007/03/03 8:19 p.m.•12 views

Cross site scripting

4.3CVSS6.1AI score0.04887EPSS

Exploits1References6Affected Software1

NVD•added 2007/03/03 7:19 p.m.•50 views

CVE-2007-1240

Multiple cross-site scripting XSS vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via 1 the searchkey parameter to index.php, or the 2 sn or 3 ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information ...

4.3CVSS5.7AI score0.01854EPSS

Exploits1References5

Prion•added 2007/03/03 7:19 p.m.•10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via 1 the sxYear parameter to calendar.php, 2 the search parameter to search.php, 3 the linkid parameter to redirect.php, or 4 the page parameter to calendarevents.php...

4.3CVSS6AI score0.00527EPSS

Exploits0References7Affected Software1

NVD•added 2007/03/02 9:18 p.m.•12 views

CVE-2007-1161

Cross-site scripting XSS vulnerability in callentry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problemdesc parameter, as demonstrated by the ONLOAD attribute of a BODY element...

4.3CVSS5.7AI score0.00409EPSS

Exploits1References4

Prion•added 2007/03/02 9:18 p.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error...

4.3CVSS6.7AI score0.0052EPSS

Exploits0References5Affected Software1

CVE•added 2007/02/27 6:0 p.m.•34 views

CVE-2006-7078

CVE-2006-7078 describes multiple cross-site scripting (XSS) vulnerabilities in the Professional Home Page Tools Login Script, present as of July 2006. The issue allows remote attackers to inject arbitrary web script or HTML via the register script parameters (name, vorname, nachname). Documents c...

4.3CVSS6.2AI score0.00527EPSS

Exploits0References6Affected Software1

Cvelist•added 2007/02/27 6:0 p.m.•19 views

CVE-2006-7076

Cross-site scripting XSS vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection...

6.5AI score0.00355EPSS

Exploits0References5

CVE•added 2007/02/26 5:0 p.m.•51 views

CVE-2007-1101

CVE-2007-1101 covers multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0. The flaws allow remote attackers to inject arbitrary web script or HTML via the (1) message/comment field, (2) name field, or (3) q parameter in the search action of index.php. The reports do not specify...

4.3CVSS5.8AI score0.00962EPSS

Exploits0References8Affected Software1

CVE•added 2007/02/24 1:0 a.m.•40 views

CVE-2006-7064

CVE-2006-7064 covers a cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) versions 2.1.6 and earlier, specifically in forum/admin.php via the phpinfo parameter. The underlying issue is that the phpinfo input is reflected into the administrator session in a way that allows an a...

9.3CVSS5.7AI score0.00862EPSS

Exploits0References4Affected Software1

NVD•added 2007/02/24 12:28 a.m.•8 views

CVE-2006-7042

Cross-site scripting XSS vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter...

6.8CVSS5.7AI score0.00401EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by