Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6637 | 1 Adobe | 1 Flash Player | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. | |||||
| CVE-2008-1176 | 1 Affiliate Market | 1 Affiliate Market | 2017-09-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter. | |||||
| CVE-2008-0398 | 1 Aflog | 1 Aflog | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form. | |||||
| CVE-2008-1906 | 1 Cpcommerce | 1 Cpcommerce | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action. | |||||
| CVE-2008-2022 | 1 Pd9 Software | 1 Megabbs | 2017-09-29 | 4.3 MEDIUM | N/A |
| Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication. | |||||
| CVE-2008-0676 | 1 A-blog | 1 A-blog | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | |||||
| CVE-2008-2048 | 1 Aspindir | 1 Angelo-emlak | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. | |||||
| CVE-2007-6124 | 1 Softbiz | 1 Freelancers Script | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. | |||||
| CVE-2007-6232 | 8 Ftp, Hp, Ibm and 5 more | 9 Admin, Hp-ux, Tru64 and 6 more | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action. | |||||
| CVE-2007-6126 | 1 Project Alumni | 1 Project Alumni | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php. | |||||
| CVE-2007-6474 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors. | |||||
| CVE-2007-5302 | 1 Hp | 1 Hp-ux | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-5496 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2017-09-29 | 1.9 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert. | |||||
| CVE-2007-6110 | 1 Htdig | 1 Htdig | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | |||||
| CVE-2007-3977 | 1 Bwired | 1 Bwired | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-1424 | 1 Ibm | 1 Business Process Manager | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. | |||||
| CVE-2015-3296 | 1 Nodebb | 1 Nodebb | 2017-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | |||||
| CVE-2017-14621 | 1 Suse | 1 Portus | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Portus 2.2.0 has XSS via the Team field, related to typeahead. | |||||
| CVE-2017-14715 | 1 Telaxius | 1 Epesi | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | |||||
| CVE-2017-14714 | 1 Telaxius | 1 Epesi | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | |||||