Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1133 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
|
|||||
| CVE-2008-5093 | 1 Novell | 1 Edirectory | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2007-1145 | 1 Kayako | 1 Esupport | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin an ...
Show More |
|||||
| CVE-2007-5033 | 1 Phpbb Xs | 1 Phpbb Xs | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action.
|
|||||
| CVE-2008-0700 | 1 Crux Software | 1 Cruxcms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-5172 | 1 Forumsoftware | 1 Yazd Forum Software | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-4069 | 1 Gforge | 1 Gforge | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-3562 | 1 Xerver | 1 Xerver | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
|
|||||
| CVE-2008-3622 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."
|
|||||
| CVE-2009-2217 | 1 Phantom-inker | 1 Nbbc | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag.
|
|||||
| CVE-2009-4590 | 1 Secureideas | 1 Base | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-3651 | 2 Drupal, Mikeryan | 2 Drupal, Browscap | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
|
|||||
| CVE-2009-1321 | 1 Humayun Shabbir Bhutta | 1 Asp Product Catalog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
|
|||||
| CVE-2008-5126 | 1 Boutikone | 1 Boutikone Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
|
|||||
| CVE-2008-4696 | 1 Opera | 1 Opera | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
|
|||||
| CVE-2007-5176 | 1 Grouplink | 1 Ehelpdesk | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-3201 | 1 Pagefusion | 1 Pagefusion | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pagefusion 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) acct_fname and (2) acct_lname parameters in an edit action, and the (3) PID, (4) PGID, and (5) rez parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-2447 | 1 Esoftpro | 1 Online Guestbook Pro | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display parameter.
|
|||||
| CVE-2008-4456 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
|
|||||
| CVE-2009-0830 | 1 Andrew Freed | 1 Quotebook | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5429 | 1 Nucleus Cms | 1 Nucleus Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.
|
|||||
| CVE-2008-0676 | 1 A-blog | 1 A-blog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
|
|||||
| CVE-2007-6100 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
|
|||||
| CVE-2009-4468 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
|||||
| CVE-2008-6325 | 1 Softbizscripts | 1 Classifieds Script | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered ...
Show More |
|||||
| CVE-2008-2181 | 1 Cplinks | 1 Cplinks | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6130 | 1 Mozilo | 1 Mozilowiki | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.
|
|||||
| CVE-2008-1212 | 1 Podcast Generator | 1 Podcast Generator | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in set_permissions.php in Podcast Generator 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the scriptlang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0872 | 1 Smartertools | 1 Smartermail Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message.
|
|||||
| CVE-2009-1934 | 1 Sun | 2 Java System Web Server, One Web Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
|
|||||
| CVE-2008-2274 | 1 Typo3 | 1 Sr Feuser Register Extension | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2008-0837 | 2 John Godley, Wordpress | 2 Search Unleashed, Search Unleashed Plugin | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file.
|
|||||
| CVE-2008-4076 | 1 Tor World | 4 Interactive Bbs, Simple Bbs, Topics Bbs and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.
|
|||||
| CVE-2008-5757 | 1 Textpattern | 1 Textpattern | 2025-04-09 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6839 | 1 Tgs-cms | 1 Tgs Content Management | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1820 | 1 2daybiz | 1 Custom T-shirt Design Script | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2007-6136 | 1 M2scripts | 1 My Space Scripts Poll Creator | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-0736 | 1 Simon Brown | 1 Pebble | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-3320 | 1 Zenas | 1 Paolink | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
|||||
| CVE-2009-0378 | 1 Joomla | 2 Com Beamospetition, Joomla | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
|
|||||