CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6657 matches found

NVD•added 2006/04/13 1:6 a.m.•11 views

CVE-2006-1760

Multiple cross-site scripting XSS vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in 1 Classic.view/thumbnail.php, 2 Classic.view/gallery.php, 3 Classic.view/detail.php, or 4 Orange.view/detail.php; or 5 the name parameter in...

4.3CVSS5.8AI score0.0075EPSS

Exploits1References9

CVE•added 2006/04/12 10:0 p.m.•42 views

CVE-2006-1745

This CVE concerns Bitweaver 1.3 and an input handling flaw in login.php that allows cross-site scripting via the error parameter. The vulnerability is an XSS in a web login page component, with the root cause being improper handling/encoding of user-supplied data in the error parameter. The provi...

2.6CVSS5.6AI score0.00401EPSS

Exploits1References3Affected Software1

Prion•added 2006/04/11 11:2 p.m.•20 views

Cross site scripting

Cross-site scripting XSS vulnerability in vtibin/vtiadm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the 1...

6.8CVSS6.3AI score0.28321EPSS

Exploits1References11Affected Software1

NVD•added 2006/04/11 11:2 p.m.•9 views

CVE-2006-1713

Cross-site scripting XSS vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

6.8CVSS5.7AI score0.00416EPSS

Exploits1References4

NVD•added 2006/04/11 11:2 p.m.•8 views

CVE-2006-1717

Cross-site scripting XSS vulnerability in newthread.php in MyBB aka MyBulletinBoard 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username...

5.1CVSS5.7AI score0.00874EPSS

Exploits0References4

Cvelist•added 2006/04/11 11:0 p.m.•24 views

CVE-2006-0015

5.9AI score0.28321EPSS

Exploits1References11

UbuntuCve•added 2006/04/11 7:6 p.m.•24 views

CVE-2006-1712

Cross-site scripting XSS vulnerability in the private archive script private.py in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument...

2.6CVSS5.9AI score0.00558EPSS

Exploits0References1

Prion•added 2006/04/11 10:2 a.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the username parameter...

6.8CVSS6.1AI score0.01724EPSS

Exploits0References8Affected Software1

Prion•added 2006/04/11 12:2 a.m.•30 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory...

4.3CVSS5.8AI score0.0103EPSS

Exploits0References10Affected Software1

CVE•added 2006/04/10 11:0 p.m.•47 views

CVE-2006-1682

CVE-2006-1682 describes a cross-site scripting (XSS) vulnerability in webplus.exe within TalentSoft Web+Shop 5.0 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, potentially involving the webpshop/ department.wml script. The descrip...

4.3CVSS5.8AI score0.00614EPSS

Exploits1References5Affected Software1

NVD•added 2006/04/10 7:2 p.m.•18 views

CVE-2006-1674

Cross-site scripting XSS vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675...

2.6CVSS5.5AI score0.00351EPSS

Exploits1References1

CVE•added 2006/04/10 7:0 p.m.•54 views

CVE-2006-1674

CVE-2006-1674 affects PHPWebGallery 1.4.1, with a Cross-site Scripting (XSS) flaw in search.php where the id parameter can inject arbitrary script/HTML. The Red Hat advisory confirms the same vulnerability but does not provide patch details in the excerpt; other connected records reiterate the is...

2.6CVSS5.6AI score0.00351EPSS

Exploits1References1Affected Software1

Prion•added 2006/04/07 10:4 a.m.•17 views

Cross site scripting

Cross-site scripting XSS vulnerability in vbugs.php in DarkWizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter...

2.6CVSS6.2AI score0.00685EPSS

Exploits0References6Affected Software1

CVE•added 2006/04/06 10:0 a.m.•43 views

CVE-2006-1634

CVE-2006-1634 corresponds to a cross-site scripting (XSS) vulnerability in LucidCMS 2.0.0 RC4, exploitable via the command parameter in index.php. The XSS could allow remote attackers to inject arbitrary script/HTML. Affected product is LucidCMS 2.0.0 RC4; root cause is improper handling of user-...

4.3CVSS5.9AI score0.00401EPSS

Exploits1References3Affected Software1

NVD•added 2006/04/05 10:4 a.m.•15 views

CVE-2006-1622

Cross-site scripting XSS vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via 1 the description parameter to linklist.php and possibly other vectors involving 2 index.php and 3 linksubmit.php...

6.8CVSS5.8AI score0.00867EPSS

Exploits0References2

Prion•added 2006/04/04 10:4 a.m.•18 views

Cross site scripting

Cross-site scripting XSS vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the curpassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

4.3CVSS5.8AI score0.00527EPSS

Exploits0References6Affected Software1

Cvelist•added 2006/04/03 2:0 p.m.•16 views

CVE-2006-1434

Cross-site scripting XSS vulnerability in inscription.php in Annuaire Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field COMMENTAIRE parameter...

5.7AI score0.0124EPSS

Exploits0References5

Prion•added 2006/04/02 9:4 p.m.•11 views

Design/Logic Flaw

Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file uploads. NOTE: post-disclosure analysis by CVE suggests that the "page" paramet...

6.4CVSS7.2AI score0.03359EPSS

Exploits0References3Affected Software1

Prion•added 2006/04/02 9:4 p.m.•11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in viewallset.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 startday, 2 startyear, and 3 startmonth parameters...

6.8CVSS5.9AI score0.02028EPSS

Exploits1References8Affected Software1

Prion•added 2006/04/01 12:4 a.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Esqlanelapse 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...

4.3CVSS6.2AI score0.00527EPSS

Exploits0References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by