Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.
Max CVSS
4.3
EPSS Score
0.57%
Published
2007-12-31
Updated
2018-10-15
Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp.
Max CVSS
4.3
EPSS Score
0.49%
Published
2007-12-31
Updated
2018-10-15
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
Max CVSS
4.3
EPSS Score
0.34%
Published
2007-12-28
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.19%
Published
2007-12-28
Updated
2017-08-08
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
Max CVSS
4.3
EPSS Score
0.36%
Published
2007-12-28
Updated
2018-10-15
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
Max CVSS
4.3
EPSS Score
0.25%
Published
2007-12-28
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
Max CVSS
4.3
EPSS Score
0.25%
Published
2007-12-28
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
Max CVSS
4.3
EPSS Score
0.31%
Published
2007-12-28
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
Max CVSS
4.3
EPSS Score
0.25%
Published
2007-12-28
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
Max CVSS
4.3
EPSS Score
0.61%
Published
2007-12-28
Updated
2017-08-08
Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php.
Max CVSS
4.3
EPSS Score
0.49%
Published
2007-12-28
Updated
2018-10-15
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php.
Max CVSS
4.3
EPSS Score
0.49%
Published
2007-12-28
Updated
2018-10-15
Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/.
Max CVSS
4.3
EPSS Score
0.13%
Published
2007-12-27
Updated
2018-10-15
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
Max CVSS
4.3
EPSS Score
0.31%
Published
2007-12-27
Updated
2018-10-15
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.
Max CVSS
4.3
EPSS Score
0.49%
Published
2007-12-24
Updated
2017-08-08
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
Max CVSS
4.3
EPSS Score
0.76%
Published
2007-12-24
Updated
2017-08-08
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
Max CVSS
7.5
EPSS Score
0.67%
Published
2007-12-20
Updated
2017-09-29
Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.22%
Published
2007-12-20
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.21%
Published
2007-12-20
Updated
2017-08-08
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2007-12-20
Updated
2017-09-29
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-12-20
Updated
2011-03-08
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
Max CVSS
4.3
EPSS Score
0.13%
Published
2007-12-20
Updated
2008-11-15
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.
Max CVSS
4.3
EPSS Score
0.22%
Published
2007-12-20
Updated
2008-11-15
Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459.
Max CVSS
4.3
EPSS Score
0.50%
Published
2007-12-20
Updated
2008-09-05
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-12-20
Updated
2018-10-15
882 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!