Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3336 | 1 Punbb | 1 Punbb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
|
|||||
| CVE-2009-1775 | 1 Ulteo | 1 Open Virtual Desktop | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-2932 | 1 Sap | 1 Netweaver | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
|
|||||
| CVE-2008-6094 | 1 Celoxis | 1 Celoxis | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technologies Celoxis allows remote attackers to inject arbitrary web script or HTML via the ni.smessage parameter.
|
|||||
| CVE-2007-5624 | 1 Nagios | 1 Nagios | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
|
|||||
| CVE-2009-4608 | 1 Canon-its | 1 Accessguardian | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication.
|
|||||
| CVE-2008-2450 | 1 Inmedias | 1 Statistics | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-3905 | 1 Ecouriersoftware | 1 E-courirer Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-1663 | 1 Hp | 1 System Management Homepage | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2008-1041 | 1 Matts Whois | 1 Matts Whois | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
|
|||||
| CVE-2007-5479 | 1 Xcomputer | 1 Xcomputer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.
|
|||||
| CVE-2008-4909 | 1 Compact Cms | 1 Compact Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors.
|
|||||
| CVE-2008-6208 | 1 E107 | 1 E107 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6824 | 1 Php Icalendar | 1 Php Icalendar | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cp ...
Show More |
|||||
| CVE-2008-4447 | 1 Positive Software | 1 H-sphere | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.
|
|||||
| CVE-2008-4903 | 1 Typosphere | 1 Typo | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters.
|
|||||
| CVE-2009-4366 | 1 Scriptsez | 1 Ez Blog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
|
|||||
| CVE-2007-4981 | 1 Oblius | 1 Obedit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the save function in Obedit 3.03 allows user-assisted remote attackers to inject arbitrary web script or HTML via unknown vectors, as demonstrated by a SCRIPT element in an unspecified context when saving a document. NOTE: because the details of the attack are uncertain, it is unclear whether this crosses privilege boundaries.
|
|||||
| CVE-2008-7036 | 2 Bcoos, E-xoops | 3 Bcoos, Devtracker, E-xoops | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.
|
|||||
| CVE-2009-4172 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.
|
|||||
| CVE-2009-1343 | 1 Drupal | 2 Drupal, Print | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.
|
|||||
| CVE-2008-3714 | 1 Awstats | 1 Awstats | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
|
|||||
| CVE-2009-0573 | 1 Fotoware | 1 Fotoweb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.
|
|||||
| CVE-2009-1408 | 1 Webspell | 1 Webspell | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.
|
|||||
| CVE-2007-5183 | 1 Megasol | 1 Odysseysuite | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mailbox.mws in OdysseySuite, possibly 4.0.729, allows remote attackers to inject arbitrary web script or HTML via the idkey parameter.
|
|||||
| CVE-2008-0258 | 1 Php Running Management | 1 Phprunman | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
|||||
| CVE-2008-2024 | 1 Minibb | 1 Minibb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
|
|||||
| CVE-2009-4317 | 1 Scriptsez | 1 Ez Cart | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote attackers to inject arbitrary web script or HTML via the sid parameter in a showcat action.
|
|||||
| CVE-2008-5225 | 1 Xerox | 1 Docushare | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
|
|||||
| CVE-2009-3593 | 1 Freewebscriptz | 1 Freelancers | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to placebid.php and (2) jobid parameter to post_resume.php.
|
|||||
| CVE-2008-2525 | 1 Typo3 | 1 Rlmp Eventdb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-5727 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.
|
|||||
| CVE-2007-3758 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.
|
|||||
| CVE-2009-3437 | 2 Drupal, Henriksjokvist | 2 Drupal, Markdown Preview | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."
|
|||||
| CVE-2008-0179 | 1 Liferay | 1 Liferay Enterprise Portal | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
|
|||||
| CVE-2009-1877 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.
|
|||||
| CVE-2009-4579 | 2 Joomla, Mambo-foundation | 3 Com Artistavenue, Joomla\!, Mambo | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
|
|||||
| CVE-2008-6727 | 1 Myupb | 1 Upb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
|
|||||
| CVE-2008-7121 | 1 Mrcgiguy | 1 Hot Links Sql-php | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar.
|
|||||
| CVE-2009-1288 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
|
|||||