Export limit exceeded: 45720 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45720 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2438 | 1 Clansphere | 1 Clansphere | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE: this might overlap CVE-2008-1399. | ||||
| CVE-2008-2998 | 1 Drupal | 2 Aggregation Module, Drupal | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2441 | 1 Esoftpro | 1 Online Guestbook Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter. | ||||
| CVE-2009-2442 | 1 Linea21 | 1 Linea21 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action. | ||||
| CVE-2009-2447 | 1 Esoftpro | 1 Online Guestbook Pro | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display parameter. | ||||
| CVE-2009-2454 | 1 Citrix | 1 Web Interface | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2455 | 1 Atmail | 1 \@tmail | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2480 | 1 Movabletype | 1 Six Apart Movable Type | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4042 | 2 Drupal, Marek Sotak | 2 Drupal, Rootcandy | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
| CVE-2009-1035 | 2 Drupal, Jake Gordon | 2 Drupal, Tasks | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS). | ||||
| CVE-2008-2994 | 1 Phpeasydata | 1 Phpeasydata | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php. | ||||
| CVE-2009-1575 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7. | ||||
| CVE-2009-1578 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | ||||
| CVE-2009-1588 | 1 Cgi Rescue | 1 Cgi Rescue Minibbs | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0319 | 1 Docmint | 1 Docmint | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-0320 | 1 X10media | 1 Glitter Central Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter Central Script allows remote attackers to inject arbitrary web script or HTML via the catid parameter. | ||||
| CVE-2010-0321 | 1 Jamit | 1 Jamit Job Board | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. | ||||
| CVE-2010-0326 | 3 Francois Suter, Rene Fritz, Typo3 | 3 Devlog, Devlog, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0327 | 2 Julian Kleinhans, Typo3 | 2 Kj Imagelightbox2, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490. | ||||
| CVE-2010-0328 | 2 Rastislav Birka, Typo3 | 2 Cs2 Unitconv, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||