Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-5228 | 1 Drupal | 1 Drupal Project Issue Tracking | 2025-04-09 | 3.5 LOW | N/A | Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving a (1) individual or (2) overview form. |
| CVE-2008-0925 | 1 Novell | 1 Edirectory | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." |
| CVE-2008-1228 | 1 Minigal | 1 Mg2 | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action. |
| CVE-2007-6110 | 1 Htdig | 1 Htdig | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. |
| CVE-2007-5629 | 1 Candypress | 1 Candypress Store | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-3380 | 1 Myiosoft | 1 Easybookmarker | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter. |
| CVE-2007-5562 | 1 Netgear | 1 Ssl312 | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page. |
| CVE-2009-2441 | 1 Esoftpro | 1 Online Guestbook Pro | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter. |
| CVE-2007-5304 | 1 Yannick Tanguy | 1 Else If Cms | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php. |
| CVE-2008-0005 | 3 Apache, Canonical, Fedoraproject | 3 Http Server, Ubuntu Linux, Fedora | 2025-04-09 | 4.3 MEDIUM | N/A | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. |
| CVE-2007-5858 | 1 Apple | 5 Iphone, Iphone Os, Ipod Touch and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A | WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. |
| CVE-2007-6637 | 1 Adobe | 1 Flash Player | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. |
| CVE-2008-2248 | 1 Microsoft | 2 Exchange Server, Outlook Web Access | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. |
| CVE-2007-5295 | 1 Wikepage | 1 Opus | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters. |
| CVE-2008-5019 | 3 Canonical, Debian, Mozilla | 3 Ubuntu Linux, Debian Linux, Firefox | 2025-04-09 | 4.3 MEDIUM | N/A | The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. |
| CVE-2008-4725 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60. |
| CVE-2009-0430 | 1 Activewebsoftwares | 1 Active Bids | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp. |
| CVE-2009-2586 | 1 Edgephp | 1 Ezarticles | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attackers to inject arbitrary web script or HTML via the title parameter. |
| CVE-2008-6969 | 1 Pentasoft Corp. | 1 Avactis Shopping Cart | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters. |
| CVE-2009-4461 | 1 Flatpress | 1 Flatpress | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php. |
| CVE-2008-2505 | 1 Simpel Side | 1 Weblosninger | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in result.php in Simpel Side Weblosning 1 through 4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| CVE-2009-0523 | 1 Adobe | 2 Robohelp, Robohelp Server | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log. |
| CVE-2009-1591 | 1 Cgi Rescue | 1 Cgi Web Mailer | 2025-04-09 | 4.3 MEDIUM | N/A | CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form. |
| CVE-2009-3012 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context o ... |
| CVE-2007-5955 | 1 Updir | 1 Updir.net | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-3856 | 1 Twilightcms | 1 Twilight Cms | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2008-5858 | 1 Knowledgetree Document Management | 1 Knowledgetree Document Management | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-4281. |
| CVE-2008-2776 | 1 Dt Centrepiece | 1 Dt Centrepiece | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2009-1228 | 1 Arcadwy | 1 Arcadwy Arcade Script Cms | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter). |
| CVE-2009-0737 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-1487 | 1 Linpha | 1 Linpha | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php. |
| CVE-2007-3653 | 1 Fascript | 1 Faname | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php. |
| CVE-2007-1234 | 1 Bj Sintay | 1 Sitex | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php. |
| CVE-2007-5142 | 1 Solidweb | 1 Novus | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-5026 | 1 Microsoft | 1 Sharepoint Server | 2025-04-09 | 3.5 LOW | N/A | Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents. |
| CVE-2008-2026 | 1 Rsa | 1 Authentication Agent | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it might be the same as CVE-2008-1470. |
| CVE-2008-1258 | 1 D-link | 1 Di-604 | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. |
| CVE-2009-3719 | 1 Davethewebguy | 1 Battle Blog | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment. |
| CVE-2009-4043 | 2 Drupal, Patrick Przybilla | 2 Drupal, Addtoany | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title. |
| CVE-2009-3014 | 1 Mozilla | 3 Firefox, Mozilla, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header. |