Vulnerabilities (CVE)

Filtered by CWE-79
Total 44966 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1865 1 Bblog 1 Bblog 2026-06-16 3.5 LOW 4.8 MEDIUM
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.
CVE-2004-1863 1 Xmb Forum 1 Xmb 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.
CVE-2004-1424 1 Moodle 1 Moodle 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2004-1417 1 Psychostats 1 Psychostats 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
CVE-2004-0678 1 12planet 1 Chat Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter.
CVE-2004-0203 1 Microsoft 1 Exchange Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
CVE-2004-0067 1 Phpgedview 1 Phpgedview 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
CVE-2003-5003 1 Ibm 1 Iss Blackice Pc Protection 2026-06-16 4.3 MEDIUM 5.0 MEDIUM
A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2003-1587 1 Iplanet 1 Loganpro 2026-06-16 5.0 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
CVE-2003-1586 1 Iplanet 1 Webexpert 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
CVE-2003-1585 1 Alentum 1 Weblog Expert 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2003-1584 1 Surfstats 1 Surfstats 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2003-1583 1 Webtrends 1 Webtrends Log Analyzer 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2003-1582 1 Microsoft 1 Internet Information Server 2026-06-16 2.6 LOW N/A
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2003-1581 1 Apache 1 Http Server 2026-06-16 2.6 LOW N/A
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2003-1577 1 Sun 1 One Web Server 2026-06-16 2.6 LOW N/A
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
CVE-2003-1556 1 Cgi City 1 Cc Guestbook 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters.
CVE-2003-1554 1 Scoznet 1 Scozbook 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.
CVE-2003-1549 1 Myabracadaweb 1 Myabracadaweb 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter.
CVE-2003-1547 1 Francisco Burzi 1 Php-nuke 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.