Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1253 | 1 D-link | 1 Dsl-g604t | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page.
|
|||||
| CVE-2008-1978 | 1 Drupal | 2 Drupal, Ubercart Module | 2025-04-09 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
|
|||||
| CVE-2007-5947 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
|
|||||
| CVE-2008-0618 | 1 Dmsguestbook Project | 1 Dmsguestbook | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-2581 | 1 Editeurscripts | 1 Esnews | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScripts EsNews 1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
|||||
| CVE-2008-2449 | 1 Ikemcg | 1 Phpinstantgallery | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan phpInstantGallery 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gallery parameter to (a) index.php and (b) image.php, and the (2) imgnum parameter to image.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5703 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
|
|||||
| CVE-2008-5249 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-5211 | 1 Arbor Networks | 1 Peakflow Sp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6396 | 1 Celerondude | 1 Uploader | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-1939 | 1 Joomla | 1 Joomla | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-0796 | 1 Apache | 2 Http Server, Mod Perl | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
|
|||||
| CVE-2008-0155 | 1 Evilboard | 1 Evilboard | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.
|
|||||
| CVE-2008-2126 | 1 Tux Cms | 1 Tux Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php.
|
|||||
| CVE-2008-4182 | 1 Horde | 1 Turba Contact Manager H3 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.
|
|||||
| CVE-2008-2302 | 1 Django Project | 1 Django | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
|
|||||
| CVE-2008-5769 | 1 Kerio | 1 Kerio Mailserver | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-6274 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.
|
|||||
| CVE-2008-1649 | 1 Myiosoft | 1 Easynews | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.
|
|||||
| CVE-2008-2187 | 1 Mdsjack | 1 Mjguest | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 GT Rev.01 allows remote attackers to inject arbitrary web script or HTML via the level parameter in a redirect action, possibly involving interface/redirect.htm.php.
|
|||||
| CVE-2007-6141 | 1 Vbtube | 1 Vbtube | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
|||||
| CVE-2008-0909 | 1 Schoolwires | 1 Academic Portal | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2773 | 1 Drupal | 1 Taxonomy Image Module | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2008-0539 | 1 F5 | 1 Big-ip Application Security Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.
|
|||||
| CVE-2008-4365 | 1 Siteman | 1 Siteman | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-3821 | 1 Cisco | 1 Ios | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
|
|||||
| CVE-2008-4118 | 1 High Norm | 1 Sound Master 2nd | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-1287 | 1 Cisco | 1 Subscriber Edge Services Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0643 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-5212 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
|
|||||
| CVE-2008-6699 | 1 Typo3 | 2 Tjs Reslib, Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2007-6486 | 1 Geek-palace.com | 1 Lineshout | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-5647 | 1 Socketkb | 1 Socketkb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) art_id or (2) node parameter in an article action to the default URI.
|
|||||
| CVE-2008-4918 | 1 Sonicwall | 4 Pro 2040, Sonicos Enhanced, Tz 180 and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
|
|||||
| CVE-2009-0575 | 1 Drupal | 1 Views Bulk Operations | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6850 | 1 Php-fusion | 1 Php-fusion | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-3479 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.
|
|||||
| CVE-2008-1304 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
|
|||||
| CVE-2009-4214 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.
|
|||||
| CVE-2008-2997 | 1 Gravityboardx | 1 Gravity Board X | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.
|
|||||