CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6657 matches found

EUVD•added 2007/02/21 11:0 p.m.•4 views

EUVD-2007-1047

Multiple cross-site scripting XSS vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via 1 the go parameter, 2 the keyword parameter in the search menu go=search, or 3 the username or 4 the password in a go=Login action...

4.3CVSS5.9AI score0.09186EPSS

Exploits1References10

OSV•added 2007/02/21 5:28 p.m.•8 views

CVE-2007-1049

Cross-site scripting XSS vulnerability in the wpexplainnonce function in the nonce AYS functionality wp-includes/functions.php for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and...

5.6AI score

Exploits0References10

NVD•added 2007/02/15 2:28 a.m.•17 views

CVE-2007-0953

Cross-site scripting XSS vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter...

4.3CVSS5.7AI score0.00527EPSS

Exploits0References7

CVE•added 2007/02/15 2:0 a.m.•52 views

CVE-2007-0953

CVE-2007-0953 is an XSS vulnerability in the @Mail product (search.pl) up to version 4.61. The issue occurs when processing the keywords parameter in the search function, allowing remote attackers to inject arbitrary web script or HTML. Exploitation details are not provided in the connected docum...

4.3CVSS5.7AI score0.00527EPSS

Exploits0References7Affected Software1

NVD•added 2007/02/14 11:28 a.m.•11 views

CVE-2007-0922

Cross-site scripting XSS vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string...

4.3CVSS5.7AI score0.00409EPSS

Exploits1References4

CVE•added 2007/02/12 11:0 p.m.•67 views

CVE-2007-0890

CVE-2007-0890 is an XSS vulnerability in cPanel WebHost Manager (WHM) up to version 11.0.0, in the scripts/passwdmysql component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the password parameter. The provided connected documents confirm the affected prod...

4.3CVSS5.9AI score0.05656EPSS

Exploits1References6Affected Software1

CVE•added 2007/02/08 2:0 a.m.•61 views

CVE-2007-0840

CVE-2007-0840 is an XSS flaw in HLstats (HLstats.php) affecting HLstats up to version 1.35. Connected records specify vulnerable parameters: (1) authusername and (2) authpassword in HLstats.php, enabling remote attackers to inject arbitrary web script or HTML. The issue is tied to HLstats’ search...

6.8CVSS5.4AI score0.01009EPSS

Exploits0References4Affected Software1

NVD•added 2007/02/07 11:28 a.m.•15 views

CVE-2007-0807

Cross-site scripting XSS vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title aka room name that is not properly handled by the "who's online" feature...

6.8CVSS5.5AI score0.01631EPSS

Exploits0References6

Prion•added 2007/02/07 11:28 a.m.•9 views

Cross site scripting

Cross-site scripting XSS vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.0052EPSS

Exploits0References5

Prion•added 2007/02/07 11:28 a.m.•19 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page...

4.3CVSS6.2AI score0.04251EPSS

Exploits0References7Affected Software1

Prion•added 2007/02/07 11:28 a.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in imagesarchive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023...

4.3CVSS5.6AI score0.00427EPSS

Exploits0References5Affected Software1

CVE•added 2007/02/07 11:0 a.m.•53 views

CVE-2007-0815

CVE-2007-0815 is an XSS vulnerability in Uapplication Uphotogallery 1.1: the images_archive.asp endpoint is vulnerable to script/HTML injection via the s parameter. The vulnerability requires authenticated remote administrators. The thumbnails.asp vector is already covered by CVE-2006-3023.

4.3CVSS5.2AI score0.00427EPSS

Exploits0References5Affected Software1

CVE•added 2007/02/06 7:0 p.m.•69 views

CVE-2007-0798

CVE-2007-0798 affects Ublog Reload 1.0.5. The issue comprises multiple cross-site scripting (XSS) vulnerabilities allowing an attacker to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp (remote, unauthenticated) and (2–4) badword.asp, polls.asp, and users.asp (remo...

4.3CVSS5.5AI score0.00847EPSS

Exploits0References8Affected Software1

Prion•added 2007/02/06 2:28 a.m.•23 views

Cross site scripting

Cross-site scripting XSS vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly...

6.8CVSS5.9AI score0.01465EPSS

Exploits0References5Affected Software1

NVD•added 2007/02/06 2:28 a.m.•20 views

CVE-2007-0768

Multiple cross-site scripting XSS vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the 1 First Name, 2 Last Nam...

4.3CVSS5.8AI score0.00685EPSS

Exploits0References6

Prion•added 2007/02/06 2:28 a.m.•19 views

Cross site scripting

4.3CVSS6AI score0.00685EPSS

Exploits0References6Affected Software1

Prion•added 2007/01/31 1:28 a.m.•16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Free LAN Intra|ternet Portal FLIP before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in 1 inc.page.php and 2 inc.text.php...

6.8CVSS5.9AI score0.01009EPSS

Exploits0References4Affected Software1

Cvelist•added 2007/01/30 6:0 p.m.•24 views

CVE-2007-0590

Cross-site scripting XSS vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter...

5.7AI score0.00876EPSS

Exploits0References2

NVD•added 2007/01/29 5:28 p.m.•13 views

CVE-2007-0553

Multiple cross-site scripting XSS vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the 1 datarealm and 2 url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party...

6.8CVSS5.6AI score0.01009EPSS

Exploits0References4

Cvelist•added 2007/01/29 5:0 p.m.•14 views

CVE-2007-0547

Cross-site scripting XSS vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.00346EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by