Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5067 | 1 Kkeim | 1 Kmita Catalogue | 2008-11-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4571 | 1 Plone | 1 Plone | 2008-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag. | |||||
| CVE-2008-3966 | 1 Mybb | 1 Mybb | 2008-11-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | |||||
| CVE-2007-6677 | 2 Peters Software, Wordpress | 2 Random Anti-spam Image, Wordpress | 2008-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form. | |||||
| CVE-2007-6687 | 1 Menalto | 1 Gallery | 2008-11-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. | |||||
| CVE-2007-6696 | 1 Webcalendar | 1 Webcalendar | 2008-11-14 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication. | |||||
| CVE-2007-6611 | 1 Mantis | 1 Mantis | 2008-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php. | |||||
| CVE-2007-6617 | 1 Atlassian | 1 Jira | 2008-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6643 | 1 Joomla | 1 Joomla | 2008-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-6308 | 1 Httplogger | 1 Httplogger | 2008-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-6363 | 1 Ibm | 1 Tivoli Netcool Security Manager | 2008-11-14 | 2.1 LOW | N/A |
| IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password. | |||||
| CVE-2007-6461 | 1 Flyspray | 1 Flyspray | 2008-11-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function. | |||||
| CVE-2007-6463 | 1 Php Real Estate Script | 1 Classifieds | 2008-11-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes." | |||||
| CVE-2007-5952 | 1 Helioscalendar | 1 Helios Calendar | 2008-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5982 | 1 X7 Group | 1 X7 Chat | 2008-11-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php. | |||||
| CVE-2007-5648 | 1 Rnote | 1 Rnote | 2008-11-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter. | |||||
| CVE-2007-5547 | 1 Cisco | 1 Ios | 2008-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5235 | 1 Uebimiau | 1 Uebimiau | 2008-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5280 | 1 Appfuse | 1 Appfuse | 2008-11-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages. | |||||
| CVE-2007-4882 | 1 Techexcel Inc. | 1 Customerwise | 2008-11-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TechExcel CustomerWise (formerly TechExcel CRM) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||