Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1937 | 1 Lightneasy | 1 Lightneasy | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-3137 | 1 Webmaster Solutions | 1 Wmscms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.
|
|||||
| CVE-2007-6541 | 1 Neuron News | 1 Neuron News | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/.
|
|||||
| CVE-2008-6515 | 1 Vclcomponents | 1 Yappa-ng | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
|
|||||
| CVE-2008-2965 | 1 Jaxbot | 1 Jaxultrabb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
|
|||||
| CVE-2009-3653 | 2 Darren Oh, Drupal | 2 Xml Sitemap, Drupal | 2025-04-09 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output.
|
|||||
| CVE-2008-3088 | 1 Kasseler-cms | 1 Kasseler Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
|
|||||
| CVE-2009-2162 | 2 Ishii, Xoops | 2 Pukiwikimod, Xoops | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2006-5486 | 1 Sun | 2 Iplanet Messaging Server, Java System Messaging Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages.
|
|||||
| CVE-2009-3594 | 1 Blob | 1 Blog System | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
|
|||||
| CVE-2008-2397 | 1 Dotcms | 1 Dotcms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5291 | 1 Daniel Broadbent | 1 Db Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2008-5720 | 1 Seasar | 1 Mayaa | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.
|
|||||
| CVE-2008-1630 | 1 Emedia Office Gmbh | 1 Cuteflow | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/.
|
|||||
| CVE-2009-1849 | 1 Paessler | 2 Prtg Traffic Grapher, Prtg Traffic Grapher6.0.5.416 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2008-4481 | 1 Redmine | 1 Redmine | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4557 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2025-04-09 | 2.1 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title.
|
|||||
| CVE-2009-2930 | 1 Elkagroup | 1 Elkapax Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.
|
|||||
| CVE-2006-7233 | 1 Ignite Realtime | 1 Openfire | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
|||||
| CVE-2008-1129 | 1 Xrms Crm | 1 Xrms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5942 | 1 Modxcms | 1 Modxcms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.
|
|||||
| CVE-2008-2646 | 1 Mebiblio | 1 Mebiblio | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php.
|
|||||
| CVE-2007-2811 | 1 Osk | 1 Advance-flow | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2008-4535 | 1 Ec-cube | 1 Ec-cube | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 Beta(RC) 2.2.0-beta and earlier, and EC-CUBE Community Edition Nighly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4536 and CVE-2008-4537.
|
|||||
| CVE-2007-5296 | 1 Livio Siri | 1 Dblist | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp in dbList 8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) db, (2) pagesize, (3) sort, (4) strKeyWords, and (5) table parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-3493 | 1 Zenas | 1 Paobacheca Guestbook | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
|
|||||
| CVE-2009-2352 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta are also affected.
|
|||||
| CVE-2008-6891 | 1 Codetoad | 1 Asp Forum Script | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
|
|||||
| CVE-2009-4352 | 1 Transware | 1 Active Mail 2003 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Cc, and (4) Bcc parameters.
|
|||||
| CVE-2008-6217 | 1 Extrakt | 1 Extrakt Framework | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5218 | 1 Don Barnes | 1 Drbguestbook | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
|
|||||
| CVE-2009-0239 | 1 Microsoft | 3 Windows Search, Windows Server 2003, Windows Xp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
|
|||||
| CVE-2008-0416 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
|
|||||
| CVE-2008-2162 | 1 Sonicwall | 1 E-mail Security | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.
|
|||||
| CVE-2008-6215 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.
|
|||||
| CVE-2008-4672 | 1 Goodlyrics | 1 Lyrics Script | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-0038 | 1 Apache | 1 Geronimo | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.
|
|||||
| CVE-2008-3028 | 1 Typo3 | 1 Send A Card | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4469 | 1 Giombetti | 1 Phppowercards | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc.php in phpPowerCards 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) archiv parameter, and the (3) subcat parameter.
|
|||||
| CVE-2008-4742 | 1 Timetrex | 1 Timetrex | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters.
|
|||||