Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0389 1 Mailenable 1 Mailenable 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
CVE-2010-3056 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.
CVE-2010-0699 1 Videosearchscript 1 Videosearchscript Pro 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2010-0736 1 Viewvc 1 Viewvc 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
CVE-2011-1671 1 Getontracks 1 Tracks 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information.
CVE-2012-1066 1 Smartycms 1 Smartycms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar.
CVE-2012-2759 2 Netweblogic, Wordpress 2 Login With Ajax, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
CVE-2012-1073 1 Typo3 2 Toi Category, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1537 1 Hp 1 Proliant Support Pack 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1076 2 Robert Gonda, Typo3 2 Rtg Files, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2003-1585 1 Alentum 1 Weblog Expert 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2003-1586 1 Iplanet 1 Webexpert 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
CVE-2003-1587 1 Iplanet 1 Loganpro 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
CVE-2011-1558 1 Ibm 1 Webi 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242.
CVE-2012-2582 1 Otrs 2 Otrs, Otrs Itsm 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
CVE-2010-1052 1 Alexandre Dubus 1 Audistat 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-1570 2 Liferay, Microsoft 2 Liferay Portal, Windows 7 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
CVE-2010-1076 1 Entrylevelcms 1 El Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1079 1 Sawmill 1 Sawmill 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3166 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015.