Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5486 | 1 Sun | 2 Iplanet Messaging Server, Java System Messaging Server | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages. | |||||
| CVE-2006-4542 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2017-07-20 | 6.8 MEDIUM | N/A |
| Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. | |||||
| CVE-2006-4727 | 1 Tumbleweed | 1 Email Firewall | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in Tumbleweed EMF Administration Module 6.2.2 Build 4123, and possibly other versions before 6.3.2, allows remote attackers to inject arbitrary web script or HTML via the (1) lineId and (2) sort parameters. | |||||
| CVE-2006-5080 | 1 Six Apart | 1 Movable Type | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-3138 | 1 Accomplishtechnology | 1 Phpmydirectory | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php. | |||||
| CVE-2006-3240 | 1 Dotproject | 1 Dotproject | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. | |||||
| CVE-2006-3306 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2006-4067 | 1 Cakefoundation | 1 Cakephp | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-4299 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3087 | 1 Ezgallery | 1 Ezgallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) aname, (8) uid, (9) m, (10) gp, and (11) g parameter in (b) common/pupload.asp; and (12) msg, (13) fn and (14) gp parameter in (c) common/upload.asp. | |||||
| CVE-2006-2800 | 1 Unak | 1 Unak Cms | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. NOTE: this might be resultant from SQL injection. | |||||
| CVE-2006-2178 | 1 Smartwin Technology | 1 Cyberoffice Warehouse Builder | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection. | |||||
| CVE-2006-2649 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php. | |||||
| CVE-2006-2181 | 1 Albinator | 1 Albinator | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php. | |||||
| CVE-2006-2796 | 1 New-place | 1 Captivate | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. | |||||
| CVE-2006-2417 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031. | |||||
| CVE-2006-2351 | 1 Ipswitch | 1 Whatsup Professional | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. | |||||
| CVE-2006-2420 | 1 Mozilla | 1 Bugzilla | 2017-07-20 | 4.3 MEDIUM | N/A |
| Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as ">", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather due to design or documentation inconsistencies within RSS, or implementation vulnerabilities in RSS readers. While this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it. | |||||
| CVE-2006-1417 | 1 Caloris Planitia Technologies | 1 Web Quiz Pro | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp. | |||||
| CVE-2006-1750 | 1 Jmb Software | 1 Autogallery | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters. | |||||
| CVE-2006-1760 | 1 Jetphotosoft.com | 1 Jetphoto | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. | |||||
| CVE-2006-0800 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-20 | 2.6 LOW | N/A |
| Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php. | |||||
| CVE-2006-0842 | 1 Calacode | 1 Atmail Webmail System | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0101 | 1 Sblog | 1 Sblog | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php. | |||||
| CVE-2006-0663 | 1 Ibm | 1 Lotus Domino Inotes Client | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. | |||||
| CVE-2005-4060 | 1 Rainworx | 1 Rwauction Pro | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. | |||||
| CVE-2006-0533 | 1 Cpanel | 1 Cpanel | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter. | |||||
| CVE-2006-0364 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript". | |||||
| CVE-2016-6019 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739. | |||||
| CVE-2016-8952 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839. | |||||
| CVE-2017-11128 | 1 Bolt | 1 Bolt Cms | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | |||||
| CVE-2017-11127 | 1 Bolt | 1 Bolt Cms | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | |||||
| CVE-2017-1000054 | 1 Rocketchat | 1 Rocket.chat | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. | |||||
| CVE-2017-1000063 | 1 Kitto Project | 1 Kitto | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | |||||
| CVE-2017-1000032 | 1 Cacti | 1 Cacti | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | |||||
| CVE-2017-7663 | 1 Apache | 1 Openmeetings | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | |||||
| CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2017-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | |||||
| CVE-2017-3103 | 1 Adobe | 1 Connect | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. | |||||
| CVE-2017-3102 | 1 Adobe | 1 Connect | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. | |||||
| CVE-2017-1208 | 1 Ibm | 1 Maximo Asset Management | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778. | |||||
| CVE-2017-11195 | 1 Pulsesecure | 1 Pulse Connect Secure | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this. | |||||
| CVE-2017-10975 | 1 Lutim Project | 1 Lutim | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename. | |||||
| CVE-2017-11194 | 1 Pulsesecure | 1 Pulse Connect Secure | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc. | |||||
| CVE-2017-2194 | 1 Ipa | 1 Icodechecker | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4833 | 1 Nofollow Links Project | 1 Nofollow Links | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9419 | 1 Webhammer | 1 Wp-custom-fields-search | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | |||||
| CVE-2017-9288 | 1 Raygun | 1 Raygun4wp | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | |||||
| CVE-2017-2224 | 1 Web-dorado | 1 Event Calendar Wd | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9420 | 1 Sunnythemes | 1 Spiffy Calendar | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. | |||||
| CVE-2017-2683 | 1 Siemens | 1 Ruggedcom Network Management Software | 2017-07-17 | 4.3 MEDIUM | 8.2 HIGH |
| A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. | |||||