CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6657 matches found

NVD•added 2007/01/26 1:28 a.m.•10 views

CVE-2007-0519

Cross-site scripting XSS vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field...

3.5CVSS5.3AI score0.0027EPSS

Exploits0References5

CVE•added 2007/01/26 1:0 a.m.•50 views

CVE-2007-0526

CVE-2007-0526 describes multiple XSS vulnerabilities in Bitweaver 1.3.1. The attack vectors exploit the PATH_INFO portion of the URL to inject arbitrary script/HTML via the following pages: articles/edit.php, articles/list.php, blogs/list_blogs.php, and blogs/rankings.php. Root cause is cross-sit...

4.3CVSS5.7AI score0.01631EPSS

Exploits0References7Affected Software1

Prion•added 2007/01/23 12:28 a.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 beta allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate...

6.8CVSS5.9AI score0.01631EPSS

Exploits0References7Affected Software1

NVD•added 2007/01/22 6:28 p.m.•15 views

CVE-2007-0399

Multiple cross-site scripting XSS vulnerabilities in index.php in Simple Machines Forum SMF 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the 1 recipient or 2 BCC field when selecting send in a pm action...

6CVSS5.4AI score0.01777EPSS

Exploits0References10

NVD•added 2007/01/19 11:28 p.m.•10 views

CVE-2007-0390

Cross-site scripting XSS vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...

6.8CVSS5.7AI score0.0192EPSS

Exploits2References7

Cvelist•added 2007/01/19 7:0 p.m.•17 views

CVE-2007-0364

Multiple cross-site scripting XSS vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 errormsg parameter to a suggestcategory.php; the 2 u parameter to b userdetail.php; the 3 friendname, 4 friendemail, 5 errormsg, 6...

5.9AI score0.01545EPSS

Exploits1References19

NVD•added 2007/01/18 12:28 a.m.•16 views

CVE-2007-0302

Multiple cross-site scripting XSS vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 SessionID parameter to a Logon.aspx, and the 2 Username and 3 Update parameters to b Members1.aspx...

6.8CVSS5.8AI score0.10054EPSS

Exploits0References8

Prion•added 2007/01/18 12:28 a.m.•11 views

Cross site scripting

6.8CVSS6.1AI score0.10054EPSS

Exploits0References8Affected Software1

CVE•added 2007/01/17 12:0 a.m.•36 views

CVE-2006-6936

The CVE-2006-6936 entry describes a cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery. The vulnerability is triggered by user-supplied input in two vectors: (1) the catname parameter to displaypic.asp and (2) the search field, enabling remote attackers to inject arbitrary HTML/...

6.8CVSS5.8AI score0.04426EPSS

Exploits1References4Affected Software1

NVD•added 2007/01/16 11:28 p.m.•14 views

CVE-2007-0266

SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter...

7.5CVSS7.3AI score0.00963EPSS

Exploits0References6

Cvelist•added 2007/01/16 11:0 p.m.•22 views

CVE-2007-0258

Cross-site scripting XSS vulnerability in index.php in 1 Fastilo 2.0 and 2 Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information...

5.8AI score0.04458EPSS

Exploits1References10

Cvelist•added 2007/01/16 11:0 p.m.•18 views

CVE-2007-0249

Cross-site scripting XSS vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter...

5.7AI score0.01688EPSS

Exploits1References4

CVE•added 2007/01/16 7:0 p.m.•51 views

CVE-2006-6487

CVE-2006-6487: XSS in dt_guestbook 1.0f (index.php) when PHP register_globals is On. The vulnerability allows remote attackers to inject arbitrary script via the error[] parameter, enabling a reflected XSS in the victim’s browser. Affected product: dt_guestbook 1.0f; attack requires On register_g...

5.1CVSS5.7AI score0.00758EPSS

Exploits2References7Affected Software1

CVE•added 2007/01/13 2:0 a.m.•47 views

CVE-2007-0231

CVE-2007-0231 describes a cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33 where, if nofollow is disabled and unmoderated comments are enabled, a remote attacker can inject arbitrary web script or HTML via the Comments field. The vulnerability concerns Movable Type 3.33 and is t...

6.8CVSS5.6AI score0.0124EPSS

Exploits0References5Affected Software1

Prion•added 2007/01/12 5:4 a.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contentsnew operation in the adcontents section...

6.8CVSS6.1AI score0.01009EPSS

Exploits0References4

Prion•added 2007/01/09 6:28 p.m.•13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter in a delete-announce.php; the 2 Announcement form field in b staff.php; the 3 Client Name, 4 Business Name, 5 Street, 6 Address 2, 7...

6CVSS6.1AI score0.02686EPSS

Exploits0References10Affected Software1

Cvelist•added 2007/01/09 6:0 p.m.•17 views

CVE-2007-0144

Cross-site scripting XSS vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter...

5.3AI score0.05131EPSS

Exploits0References4

Prion•added 2007/01/09 11:28 a.m.•15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the 1 filter and 2 system modules. NOTE: some of these details are obtained from third party information...

4.3CVSS5.9AI score0.00738EPSS

Exploits0References8Affected Software1

Prion•added 2007/01/09 2:28 a.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

6.8CVSS6.1AI score0.07101EPSS

Exploits1References7Affected Software1

Cvelist•added 2007/01/05 2:0 a.m.•14 views

CVE-2004-2670

Multiple cross-site scripting XSS vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via 1 the mod parameter in a viewcat operation or 2 the query parameter in a search operation in the publisher module...

5.8AI score0.08229EPSS

Exploits1References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by