Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6477 1 Citrix 1 Web Interface 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6486 1 Geek-palace.com 1 Lineshout 2017-08-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6572 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
CVE-2007-6520 1 Opera 1 Opera Browser 2017-08-07 4.3 MEDIUM N/A
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
CVE-2007-6522 1 Opera 1 Opera Browser 2017-08-07 4.3 MEDIUM N/A
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.
CVE-2007-6564 1 Limbo Cms 1 Limbo Cms 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
CVE-2007-6570 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
CVE-2007-6571 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
CVE-2007-6588 1 Phpcredo 1 Phcdownload 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6673 1 Makale Scripti 1 Makale Scripti 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.
CVE-2007-6669 1 Phpcredo 1 Phcdownload 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
CVE-2007-6674 1 Rapidshare 1 Database 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.
CVE-2007-6695 1 Drake Team 1 Drake Cms 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter.
CVE-2008-0093 1 Eticket 1 Eticket 2017-08-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
CVE-2008-0925 1 Novell 1 Edirectory 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack."
CVE-2008-0124 1 S9y 1 Serendipity 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
CVE-2005-4876 1 Ignite Realtime 1 Openfire 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877.
CVE-2008-1004 1 Apple 1 Safari 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
CVE-2005-4877 1 Ignite Realtime 1 Openfire 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876.
CVE-2008-1183 1 Crafty Syntax Live Help 1 Crafty Syntax Live Help 2017-08-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848.