Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0558 | 1 Uniwin | 1 Ecart Professional | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0540 | 1 Trixbox | 1 Trixbox | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/. | |||||
| CVE-2008-0181 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. | |||||
| CVE-2008-0180 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. | |||||
| CVE-2008-0381 | 1 Mahara | 1 Mahara | 2008-09-05 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files. | |||||
| CVE-2008-0334 | 1 Pmachine | 1 Pmachine Pro | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter. | |||||
| CVE-2008-0178 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2008-0179 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | |||||
| CVE-2007-6365 | 1 Bcoos | 1 Event Calendar | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the day and year vectors are covered by CVE-2007-6274. | |||||
| CVE-2007-6460 | 1 Anon Proxy Server | 1 Anon Proxy Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459. | |||||
| CVE-2007-6090 | 1 Nuked-klan | 1 Nuked-klan | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5179 | 1 Y\&k Iletisim Formu | 1 Y\&k Iletisim Formu | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5142 | 1 Solidweb | 1 Novus | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4741 | 1 Claroline | 1 Claroline | 2008-09-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5091 | 1 Egroupware | 1 Egroupware | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php. | |||||
| CVE-2007-4557 | 1 Novell | 1 Groupwise Webaccess | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2. | |||||
| CVE-2006-3924 | 1 Dokeos | 1 Dokeos | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-3579 | 1 Fujitsu | 1 Serverview | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-0535 | 1 Communityserver.org | 1 Community Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Community Server allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: this candidate does not contain any actionable or distinguishing information. Perhaps it should not be included in CVE. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-2756 | 1 Xoops | 1 Xoops | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters. | |||||
| CVE-2004-2752 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. | |||||
| CVE-2003-1539 | 1 Onedotoh | 1 Simple File Manager | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names. | |||||
| CVE-2003-1511 | 1 Bajie | 1 Java Http Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet. | |||||
| CVE-2002-2359 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | |||||
| CVE-2002-2362 | 1 Sourceforge | 1 Mymarket | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter. | |||||
| CVE-2002-2364 | 1 Sourceforge | 1 Php Ticket | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket. | |||||
| CVE-2002-2376 | 1 Leung | 1 E-guest | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605. | |||||
| CVE-2002-2377 | 1 Sephiroth32 | 1 Zap Book | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. | |||||
| CVE-2002-2378 | 1 Nakata | 1 An Httpd | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page. | |||||
| CVE-2002-2386 | 1 Xoops | 1 Xoops | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | |||||
| CVE-2002-2422 | 1 Compaq | 1 Insight Management Agent | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message. | |||||
| CVE-2002-2418 | 1 Acfp Project | 1 Acfreeproxy | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page. | |||||
| CVE-2002-2424 | 1 Ekilat Llc | 1 Php\(reactor\) | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag. | |||||
| CVE-2002-2358 | 1 Opera Software | 1 Opera Web Browser | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL. | |||||
| CVE-2002-2343 | 1 Nocc | 1 Nocc | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages. | |||||
| CVE-2002-2341 | 1 Sonicwall | 1 Soho3 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. | |||||
| CVE-2002-2348 | 1 Authoria | 1 Authoria | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter. | |||||
| CVE-2002-2347 | 1 Oracle | 1 Application Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | |||||
| CVE-2002-2318 | 1 Blueface | 1 Falcon Web Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages. | |||||
| CVE-2002-2339 | 1 Script Shed | 1 Ssgbook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags. | |||||
| CVE-2002-2350 | 1 Phpoutsourcing | 1 Zorum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. | |||||
| CVE-2002-2321 | 1 Phplinkat | 1 Phplinkat | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter. | |||||
| CVE-2002-1958 | 1 Kmmail | 1 Kmmail | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field. | |||||
| CVE-2008-3935 | 1 D-ic | 2 Shop V50, Shop V52 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3937 | 1 Opendb | 1 Opendb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php. | |||||
| CVE-2007-5954 | 1 Jlmforo System | 1 Jlmforo System | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2002-2230 | 1 Ikonboard | 1 Ikonboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant of CVE-2002-0328. | |||||
| CVE-2008-1299 | 2 Manageengine, Microsoft | 2 Servicedesk Plus, Windows | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3397 | 1 Runesoft | 1 Cerberus Cms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie. | |||||
| CVE-2007-4040 | 1 Microsoft | 2 Outlook, Outlook Express | 2008-09-05 | 4.3 MEDIUM | N/A |
| Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | |||||