Total
26838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3761 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. | |||||
| CVE-2006-4568 | 1 Mozilla | 2 Firefox, Seamonkey | 2023-12-10 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. | |||||
| CVE-2007-3977 | 1 Bwired | 1 Bwired | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6159 | 1 Deskpro | 1 Deskpro | 2023-12-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter. | |||||
| CVE-2007-5304 | 1 Yannick Tanguy | 1 Else If Cms | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php. | |||||
| CVE-2007-4588 | 1 Interworx | 1 Web Control Panel | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php. | |||||
| CVE-2007-6365 | 1 Bcoos | 1 Event Calendar | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the day and year vectors are covered by CVE-2007-6274. | |||||
| CVE-2007-5072 | 1 Alexander Palmo | 1 Simple Php Blog | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog) before 0.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via certain user_colors array parameters to certain user_style.php files under themes/, as demonstrated by the user_colors[bg_color] parameter. | |||||
| CVE-2006-5703 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. | |||||
| CVE-2007-6452 | 1 Google | 1 Web Toolkit | 2023-12-10 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | |||||
| CVE-2006-7233 | 1 Ignite Realtime | 1 Openfire | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2007-6570 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309. | |||||
| CVE-2007-5051 | 1 Phpgedview | 1 Phpgedview | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0834 | 1 Ibm | 1 Lotus Quickr | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-6203 | 1 Apache | 1 Http Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. | |||||
| CVE-2007-5625 | 1 Simongibson | 1 Asp Site Search Searchsimon Lite | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter. | |||||
| CVE-2008-0765 | 1 Artmedic Webdesign | 1 Artmedic Weblog | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdesign weblog allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to artmedic_print.php and the (2) jahrneu parameter to index.php. | |||||
| CVE-2006-6035 | 1 F-art Agency | 1 Blog Cms | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. | |||||
| CVE-2008-0902 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694. | |||||
| CVE-2007-5427 | 1 Joomla | 2 Com Search Component, Joomla | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1. | |||||