Total
30620 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3205 | 1 Oracle | 1 Database Server | 2024-11-21 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | |||||
| CVE-2005-3047 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php. | |||||
| CVE-2005-2981 | 1 Orionserver | 1 Orion Application Server | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | |||||
| CVE-2005-2818 | 1 Eric Fichot | 1 Downfile | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php. | |||||
| CVE-2005-2406 | 1 Opera | 1 Opera Browser | 2024-11-20 | 4.3 MEDIUM | N/A |
| Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI. | |||||
| CVE-2005-2350 | 1 Websieve Project | 1 Websieve | 2024-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. | |||||
| CVE-2005-2254 | 1 Gianluca Baldo | 1 Phpauction | 2024-11-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description. | |||||
| CVE-2005-2022 | 1 Sun | 2 Iplanet Messaging Server, One Messaging Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2005-1778 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-11-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||
| CVE-2005-1669 | 1 Opera | 1 Opera Browser | 2024-11-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. | |||||
| CVE-2005-1619 | 1 Phpheaven | 1 Phpmychat | 2024-11-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected. | |||||
| CVE-2005-1486 | 1 Fishnet | 1 Fishcart | 2024-11-20 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable. | |||||
| CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2024-11-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | |||||
| CVE-2005-0896 | 1 Accomplishtechnology | 1 Phpmydirectory | 2024-11-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter. | |||||
| CVE-2005-0563 | 1 Microsoft | 1 Exchange Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc
ript:") in an IMG tag. | |||||
| CVE-2005-0543 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. | |||||
| CVE-2005-0485 | 1 Phparena | 1 Panews | 2024-11-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter. | |||||
| CVE-2005-0477 | 1 Invision Power Services | 1 Invision Power Board | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. | |||||
| CVE-2005-0251 | 1 Guillaumegardey | 1 Biborb | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter. | |||||
| CVE-2004-2765 | 2 Redhat, Sun | 4 Enterprise Linux, Iplanet Messaging Server, One Messaging Server and 1 more | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | |||||