Explore CVEs related to XSS vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
The list includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing XSS CVEs published in 2007.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2007-6608 | Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php. | 4.3 | 2.77% | 2007-12-31 | 2026-04-23 |
| CVE-2007-6597 | Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp. | 4.3 | 4.06% | 2007-12-31 | 2026-04-23 |
| CVE-2007-6589 | The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. | 4.3 | 0.58% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6588 | Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | 0.25% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6574 | Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php. | 4.3 | 0.65% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6572 | Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204. | 4.3 | 0.29% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6571 | Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356. | 4.3 | 0.29% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6570 | Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309. | 4.3 | 0.88% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6569 | Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246. | 4.3 | 0.56% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6564 | Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter. | 4.3 | 2.84% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6560 | Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php. | 4.3 | 0.75% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6545 | Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php. | 4.3 | 8.17% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6541 | Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/. | 4.3 | 0.22% | 2007-12-27 | 2026-04-23 |
| CVE-2007-6526 | Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. | 4.3 | 0.79% | 2007-12-27 | 2026-04-23 |
| CVE-2007-6522 | The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. | 4.3 | 1.36% | 2007-12-24 | 2026-04-23 |
| CVE-2007-6520 | Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. | 4.3 | 0.88% | 2007-12-24 | 2026-04-23 |
| CVE-2007-6486 | Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information. | 4.3 | 0.29% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6477 | Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | 0.65% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6474 | Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors. | 4.3 | 4.04% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6244 | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. | 4.3 | 69.08% | 2007-12-20 | 2026-04-23 |