Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3789 | 1 Opendocman | 1 Opendocman | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.
|
|||||
| CVE-2008-3559 | 1 Kaphotoservice | 1 Kaphotoservice | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6978 | 1 Fckeditor | 1 Fckeditor | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
|
|||||
| CVE-2008-1502 | 2 Egroupware, Moodle | 2 Egroupware, Moodle | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
|
|||||
| CVE-2008-3397 | 1 Runesoft | 1 Cerberus Cms | 2025-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
|
|||||
| CVE-2007-6297 | 1 Php Heaven | 1 Phpmychat | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css. ...
Show More |
|||||
| CVE-2009-2851 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.
|
|||||
| CVE-2009-4522 | 1 Bloofox | 1 Bloofoxcms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-0537 | 1 Kde | 1 Konqueror | 2025-04-09 | 2.6 LOW | N/A |
|
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
|
|||||
| CVE-2009-0660 | 1 Mahara | 1 Mahara | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.
|
|||||
| CVE-2009-4063 | 2 Drupal, Ezra Barnett Gildesgame | 2 Drupal, Og Subgroups | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.
|
|||||
| CVE-2009-4516 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2008-7184 | 1 Diigo | 2 Diigo Toolbar, Diigolet | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment.
|
|||||
| CVE-2009-3265 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability.
|
|||||
| CVE-2009-3187 | 1 Standalonearcade | 1 Saa | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
|
|||||
| CVE-2008-3773 | 1 Vbulletin | 1 Vbulletin | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).
|
|||||
| CVE-2007-1576 | 1 Phprojekt | 1 Phprojekt | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.
|
|||||
| CVE-2007-1358 | 1 Apache | 1 Tomcat | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
|
|||||
| CVE-2008-2980 | 1 Homeph Design | 1 Homeph Design | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) ...
Show More |
|||||
| CVE-2009-0611 | 1 Novell | 1 Open Enterprise Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
|
|||||
| CVE-2008-5399 | 1 Mvnforum | 1 Mvnforum | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
|||||
| CVE-2009-4239 | 1 Ibm | 1 Infosphere Information Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2008-2973 | 1 Mm Chat | 1 Mm Chat | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
|
|||||
| CVE-2008-5323 | 1 Easy-script | 1 Wysi Wiki Wyg | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
|
|||||
| CVE-2009-2316 | 1 Ibm | 1 Tivoli Identity Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.
|
|||||
| CVE-2009-3152 | 1 Nt | 1 Bbs E-market | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.
|
|||||
| CVE-2007-4595 | 1 The Seasar Foundation | 1 Mayaa | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data.
|
|||||
| CVE-2008-0552 | 1 Eticket | 1 Eticket | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
|||||
| CVE-2009-1047 | 1 Drupal | 2 Drupal, Print | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.
|
|||||
| CVE-2008-1165 | 1 Flyspray | 1 Flyspray | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-6569 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
|
|||||
| CVE-2008-2788 | 1 Opendocman | 1 Opendocman | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
|
|||||
| CVE-2008-1896 | 1 Carboncommunities | 1 Carbon Communities | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.
|
|||||
| CVE-2008-5304 | 1 Twiki | 1 Twiki | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
|
|||||
| CVE-2008-6062 | 1 Adobe | 1 Dreamweaver | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.
|
|||||
| CVE-2009-4403 | 1 Rumbacms | 1 Rumba Xml | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-5415 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414.
|
|||||
| CVE-2008-0276 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.
|
|||||
| CVE-2007-6646 | 1 Integry Systems | 1 Livecart | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.
|
|||||
| CVE-2008-4530 | 1 Drupal | 1 Brilliant Gallery | 2025-04-09 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.
|
|||||