Export limit exceeded: 349334 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45781 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4089 | 1 Myphpnuke | 1 Myphpnuke | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | ||||
| CVE-2008-4083 | 1 Brim-project | 1 Brim | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4079 | 1 Six Apart | 1 Movable Type | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-4066 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug." | ||||
| CVE-2008-4056 | 1 Matterdaddy | 1 Matterdaddy Market | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4053 | 2 Bluemoon, Xoops | 2 Popnupblog, Xoops | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters. | ||||
| CVE-2008-4020 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability." | ||||
| CVE-2008-3968 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | ||||
| CVE-2008-3941 | 1 Bizdirectory | 1 Bizdirectory | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI. | ||||
| CVE-2008-3937 | 1 Opendb | 1 Opendb | 2026-04-23 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php. | ||||
| CVE-2008-3824 | 2 Horde, Popoon | 2 Horde, Popoon | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message. | ||||
| CVE-2008-3823 | 1 Horde | 1 Horde | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message. | ||||
| CVE-2008-3821 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. | ||||
| CVE-2008-3715 | 1 Flexcms | 1 Flexcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter. | ||||
| CVE-2008-3714 | 1 Awstats | 1 Awstats | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945. | ||||
| CVE-2008-3709 | 1 Hotscripts | 1 Cyboards Php Lite | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php. | ||||
| CVE-2008-3678 | 1 Damian Hickey | 1 Freeway | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL. | ||||
| CVE-2008-3587 | 1 Needscripts | 1 Homes 4 Sale | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter. | ||||
| CVE-2008-3581 | 1 Qsoft | 1 K-links | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action. | ||||
| CVE-2008-3574 | 1 Pluck | 1 Pluck | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php. | ||||