Export limit exceeded: 10392 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45763 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45763 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7018 | 1 Nashtech | 1 Easy Php Calendar | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php. | ||||
| CVE-2008-7017 | 1 Cacert | 1 Cacert | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate. | ||||
| CVE-2008-6988 | 1 Ezphotogallery | 1 Ezphotogallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php. | ||||
| CVE-2007-6572 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204. | ||||
| CVE-2008-6982 | 1 Devalcms | 1 Devalcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter. | ||||
| CVE-2007-6574 | 1 Dokeos | 2 Open Source Learning And Knowledge Management, Open Source Learning And Knowledge Management Tool | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php. | ||||
| CVE-2007-6589 | 1 Mozilla | 2 Firefox, Seamonkey | 2026-04-23 | N/A |
| The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. | ||||
| CVE-2008-6979 | 1 Phpadultsite | 1 Phpadultsite Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to inject arbitrary web script or HTML via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue might be resultant from a separate SQL injection vulnerability. | ||||
| CVE-2008-6972 | 3 Drupal, Karen Stevenson, Yves Chedemois | 3 Drupal, Cck, Cck | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings. | ||||
| CVE-2008-6969 | 1 Pentasoft Corp. | 1 Avactis Shopping Cart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters. | ||||
| CVE-2008-6946 | 1 Collabtive | 1 Collabtive | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php. | ||||
| CVE-2008-6945 | 1 Icdevgroup | 1 Interchange | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature. | ||||
| CVE-2008-6927 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action. | ||||
| CVE-2008-6924 | 1 Intelliants | 1 Esyndicat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters. | ||||
| CVE-2008-6915 | 1 Zeeways | 1 Zeeproperty | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter. | ||||
| CVE-2008-6906 | 1 Babbleboard | 1 Babbleboard | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username. | ||||
| CVE-2008-6893 | 2 Alt-n, Microsoft | 2 Worldclient, Internet Explorer | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. | ||||
| CVE-2008-6891 | 1 Codetoad | 1 Asp Forum Script | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp. | ||||
| CVE-2008-6888 | 1 Preprojects | 1 Pre Classified Listings | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter. | ||||
| CVE-2008-6876 | 1 Editeurscripts | 1 Espartenaires | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037. | ||||