Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3915 | 2 Drupal, John C Fiala | 2 Drupal, Link | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.
|
|||||
| CVE-2008-4119 | 2 Broadcom, Ca | 2 Service Desk, Cmdb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."
|
|||||
| CVE-2009-1344 | 1 Drupal | 2 Drupal, Localization Client | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.
|
|||||
| CVE-2007-3482 | 2 Apple, Microsoft | 2 Safari, Windows Nt | 2025-04-09 | 7.8 HIGH | N/A |
|
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
|
|||||
| CVE-2007-2248 | 1 Phorum | 1 Phorum | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
|
|||||
| CVE-2006-6746 | 1 Dreaxteam | 1 Xt-news | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.
|
|||||
| CVE-2008-4196 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2008-1787 | 1 Poplar Gedcom Viewer | 1 Poplar Gedcom Viewer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-7202 | 1 Openwebmail.acatysmoof | 1 Openwebmail | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2009-0525 | 1 Modernmethod | 1 Sajax | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the sajax_get_common_js function in php/Sajax.php in Sajax 0.12 allows remote attackers to inject arbitrary web script or HTML via the URL parameter, which is not properly handled when using browsers that do not URL-encode requests, such as Internet Explorer 6. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-1972 | 1 Oicgroup | 1 Exponent Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3) lastname, and (4) e-mail address fields. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4119 | 2 Alex Barth, Drupal | 2 Feed Element Mapper, Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2008-1342 | 1 Polymita Technologies | 2 Bpm Suite, Collageportal | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-1204 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
|
|||||
| CVE-2007-6157 | 1 Simplegallery | 1 Simplegallery | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
|
|||||
| CVE-2008-2637 | 1 F5 | 1 Firepass Ssl Vpn | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
|
|||||
| CVE-2009-4343 | 2 Dominic Eckart, Typo3 | 2 Trainincdb, Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-1581 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-09 | 4.3 MEDIUM | N/A |
|
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.
|
|||||
| CVE-2008-3679 | 1 Idevspot | 1 Phplinkexchange | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-4570 | 1 Phpshop | 1 Phpshop | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI.
|
|||||
| CVE-2007-4465 | 1 Apache | 1 Http Server | 2025-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
|
|||||
| CVE-2007-5944 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.
|
|||||
| CVE-2008-5976 | 1 Preprojects | 1 Php Jobwebsite Pro | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.
|
|||||
| CVE-2009-2079 | 1 Drupal | 2 Drupal, Taxonomy Manager | 2025-04-09 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.
|
|||||
| CVE-2007-3405 | 1 Lebisoft | 1 Lebisoft Zdefter | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ad and (2) konu parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-6465 | 1 Ganglia | 1 Ganglia | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.ph ...
Show More |
|||||
| CVE-2008-1273 | 1 Imagevue | 1 Imagevue | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-1045 | 1 Alkacon | 1 Opencms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.
|
|||||
| CVE-2009-3195 | 1 Jce-tech | 1 Auction Rss Content Script | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.
|
|||||
| CVE-2008-0669 | 1 Sift | 1 Unity | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4874 | 1 Boesch-it | 1 Simpnews | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.
|
|||||
| CVE-2009-0541 | 1 Magentocommerc | 1 Magento | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/Index ...
Show More |
|||||
| CVE-2009-3210 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2025-04-09 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-6611 | 1 Mantis | 1 Mantis | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
|
|||||
| CVE-2007-5051 | 1 Phpgedview | 1 Phpgedview | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0134 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.
|
|||||
| CVE-2009-2780 | 1 68 Classifieds | 1 68 Classifieds | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
|
|||||
| CVE-2007-4589 | 1 Interworx | 1 Web Control Panel | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and ...
Show More |
|||||
| CVE-2007-4900 | 1 Rsa | 1 Envision | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field.
|
|||||
| CVE-2008-1987 | 1 Encaps | 1 Encapsgallery | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
|||||