Export limit exceeded: 45861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45861 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2967 | 1 Yektaweb | 1 Academic Web Tools | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php. | ||||
| CVE-2008-6436 | 1 Xerox | 1 Workcentre | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6925 | 1 Zenphoto | 1 Zenphoto | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6431 | 1 Bmforum | 1 Bmforum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php. | ||||
| CVE-2009-2932 | 1 Sap | 1 Netweaver | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. | ||||
| CVE-2009-4159 | 2 Ivan Kartolo, Typo3 | 2 Direct Mail, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2890 | 1 Phpscriptsnow | 1 Riddles | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. | ||||
| CVE-2008-6325 | 1 Softbizscripts | 1 Classifieds Script | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306. | ||||
| CVE-2009-2930 | 1 Elkagroup | 1 Elkapax Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI. | ||||
| CVE-2009-2889 | 1 Phpscriptsnow | 1 Hangman | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter. | ||||
| CVE-2008-6631 | 1 Blogphp | 1 Blogphp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679. | ||||
| CVE-2008-6977 | 1 Fullrevolution | 1 Aspwebalbum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action. | ||||
| CVE-2009-2887 | 1 Phpscriptsnow | 1 President Bios | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter. | ||||
| CVE-2008-6297 | 1 Dhcart | 1 Dhcart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters. | ||||
| CVE-2009-2884 | 1 Phpscriptsnow | 1 World\'s Tallest Buildings | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter. | ||||
| CVE-2008-6533 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2008-6295 | 1 Camera Life | 1 Camera Life | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and REQUEST_URI to (5) login.php; ver parameter to (6) media.php; theme parameter to (7) modules/iconset/iconset-debug.php; and the REQUEST_URI to (8) index.php. | ||||
| CVE-2009-2882 | 1 Datingpro | 1 Matchmaking | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php. | ||||
| CVE-2009-2342 | 1 Hans Oesterholt | 1 Cmme | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field. | ||||
| CVE-2009-0424 | 1 An Guestbook | 1 An Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE: some of these details are obtained from third party information. | ||||