Lucene search
K

3025 matches found

Cvelist
Cvelist
added 2005/04/24 4:0 a.m.23 views

CVE-2005-1231

Cross-site scripting XSS vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the 1 term or 2 description...

5.7AI score0.01939EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/04/19 4:0 a.m.19 views

CVE-2005-1181

NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor h...

8.1AI score0.02523EPSS
Exploits0References3
CVE
CVE
added 2005/04/19 4:0 a.m.47 views

CVE-2005-1181

Ariadne CMS 2.4 is cited as affected by a PHP remote code injection in loader.php via the ariadne parameter referencing a remote URL. The vendor disputes the issue, arguing loader.php must include ariadne.inc (defining $ariadne) and cannot be modified by an attacker; CVE personnel have partially ...

7.5CVSS8.5AI score0.02523EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2005/04/12 4:0 a.m.45 views

CVE-2005-1049

Summary: CVE-2005-1049 describes multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC3 (and related RC4 variants) where an attacker can inject arbitrary HTML/JavaScript via the module parameter to admin.php or the op parameter to user.php. The issue is noted to exist when the ...

2.6CVSS6.1AI score0.0354EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2005/04/09 4:0 a.m.43 views

CVE-2005-1030

CVE-2005-1030 affects the Active Auction House ASP application. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via parameters such as ReturnURL, password, username, and other fields (e.g., ReturnURL to...

4.3CVSS5.8AI score0.0509EPSS
Exploits1References12Affected Software1
NVD
NVD
added 2005/03/29 5:0 a.m.17 views

CVE-2005-0919

Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting XSS attacks...

4.3CVSS5.7AI score0.01374EPSS
Exploits0References7
Cvelist
Cvelist
added 2005/03/09 5:0 a.m.18 views

CVE-2005-0548

Cross-site scripting XSS vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function...

5.6AI score0.01685EPSS
Exploits4References3
Cvelist
Cvelist
added 2005/03/04 5:0 a.m.24 views

CVE-2005-0629

Multiple cross-site scripting XSS vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 user or 2 Avatar parameters...

5.8AI score0.02127EPSS
Exploits0References6
Cvelist
Cvelist
added 2005/03/04 5:0 a.m.27 views

CVE-2005-0645

Cross-site scripting XSS vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the 1 CLIENT-IP or 2 X-FORWARDED-FOR header in an HTTP POST request to shownews.php...

6.1AI score0.00938EPSS
Exploits0References2
CVE
CVE
added 2005/02/26 5:0 a.m.66 views

CVE-2004-1711

Moodle post.php XSS (CVE-2004-1711) affects Moodle prior to 1.3. The vulnerability arises from not validating the reply parameter in post.php, enabling remote XSS via crafted URLs. OpenVAS entries confirm a remote XSS in Moodle post.php by tampering with the reply variable; no explicit exploit de...

4.3CVSS5.7AI score0.0127EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2005/02/26 5:0 a.m.23 views

CVE-2004-1746

Cross-site scripting XSS vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the 1 catselect or 2 show parameters...

5.9AI score0.03596EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2005/02/20 5:0 a.m.29 views

CVE-2004-1559

Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...

4.3CVSS4AI score0.06465EPSS
Exploits1
Cvelist
Cvelist
added 2005/02/20 5:0 a.m.14 views

CVE-2004-1593

Cross-site scripting XSS vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter...

5.7AI score0.01255EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2005/02/15 9:3 a.m.6 views

security flaw

prefs.php in SquirrelMail before 1.4.4, with registerglobals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers...

5CVSS5.9AI score0.01676EPSS
Exploits0References4
CVE
CVE
added 2005/02/13 5:0 a.m.45 views

CVE-2004-1442

CVE-2004-1442 describes a cross-site scripting (XSS) vulnerability in the db2www CGI interpreter of IBM Net.Data 7 and 7.2. The issue allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is mishandled in error messages such as DTWP001E. The provided sources i...

4.3CVSS5.8AI score0.04252EPSS
Exploits1References9Affected Software1
RedHat Linux
RedHat Linux
added 2005/02/10 5:10 p.m.5 views

security flaw

prefs.php in SquirrelMail before 1.4.4, with registerglobals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers...

5CVSS5.9AI score0.01676EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/02/10 5:0 a.m.20 views

CVE-2005-0266

Cross-site scripting XSS vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the 1 returnmodule, 2 returnaction, 3 name, 4 module, or 5 record parameter...

5.7AI score0.01195EPSS
Exploits0References3
Cvelist
Cvelist
added 2005/02/06 5:0 a.m.23 views

CVE-2005-0075

prefs.php in SquirrelMail before 1.4.4, with registerglobals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers...

6.3AI score0.01676EPSS
Exploits0References8
NVD
NVD
added 2005/01/25 5:0 a.m.15 views

CVE-2005-0309

Multiple cross-site scripting XSS vulnerabilities in 1 index.php or 2 mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter...

4.3CVSS5.8AI score0.01219EPSS
Exploits0References5
NVD
NVD
added 2005/01/03 5:0 a.m.18 views

CVE-2005-0274

Multiple cross-site scripting XSS vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the 1 cat, 2 si, 3 page, or 4 ppuser parameters...

4.3CVSS5.7AI score0.01812EPSS
Exploits3References5
Rows per page
Query Builder