Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0679 1 Blogphp 1 Blogphp 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2008-0676 1 A-blog 1 A-blog 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
CVE-2008-0722 1 Pagetool 1 Pagetool 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter in a pagetool_search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1176 1 Affiliate Market 1 Affiliate Market 2017-09-28 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.
CVE-2008-1229 1 Jspwiki 1 Jspwiki 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.
CVE-2008-1655 1 Adobe 3 Air, Flash Player, Flex 2017-09-28 4.3 MEDIUM N/A
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
CVE-2008-1848 2 Joomla, Joomlacode 2 Joomla, Joomlaexplorer 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
CVE-2008-1906 1 Cpcommerce 1 Cpcommerce 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.
CVE-2008-2022 1 Pd9 Software 1 Megabbs 2017-09-28 4.3 MEDIUM N/A
Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication.
CVE-2008-2024 1 Minibb 1 Minibb 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
CVE-2008-2048 1 Aspindir 1 Angelo-emlak 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.
CVE-2007-6110 1 Htdig 1 Htdig 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
CVE-2007-6124 1 Softbiz 1 Freelancers Script 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
CVE-2007-6126 1 Project Alumni 1 Project Alumni 2017-09-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php.
CVE-2007-6232 8 Ftp, Hp, Ibm and 5 more 9 Admin, Hp-ux, Tru64 and 6 more 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
CVE-2007-6474 1 Gf 3xplorer 1 Gf 3xplorer 2017-09-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
CVE-2007-3977 1 Bwired 1 Bwired 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5302 1 Hp 1 Hp-ux 2017-09-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5496 2 Redhat, Selinux 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot 2017-09-28 1.9 LOW N/A
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.
CVE-2017-1424 1 Ibm 1 Business Process Manager 2017-09-28 3.5 LOW 5.4 MEDIUM
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477.