Export limit exceeded: 45683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45683 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0617 | 1 Dmsguestbook Project | 1 Dmsguestbook | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea. | ||||
| CVE-2008-0669 | 1 Sift | 1 Unity | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0676 | 1 A-blog | 1 A-blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | ||||
| CVE-2008-0679 | 1 Blogphp | 1 Blogphp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2008-0688 | 1 Smartscript | 1 Domain Trader | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action. | ||||
| CVE-2008-0694 | 1 Ibm | 1 Os 400 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | ||||
| CVE-2008-0700 | 1 Crux Software | 1 Cruxcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0722 | 1 Pagetool | 1 Pagetool | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter in a pagetool_search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0751 | 2 Microsoft, S9y | 2 Internet Explorer, Serendipity Event Freetag | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/. | ||||
| CVE-2008-0749 | 1 Calimero.cms | 1 Calimero.cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action. | ||||
| CVE-2008-0775 | 1 Simple Machines | 1 Smf Shoutbox | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";". | ||||
| CVE-2008-0783 | 1 Cacti | 1 Cacti | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php. | ||||
| CVE-2008-0809 | 1 Ikiwiki | 1 Ikiwiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents. | ||||
| CVE-2009-4119 | 2 Alex Barth, Drupal | 2 Feed Element Mapper, Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-0820 | 1 Etomite | 1 Etomite | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and "This is not an Etomite specific exploit and I would like the report rescinded. | ||||
| CVE-2008-0828 | 1 Atutor | 1 Atutor | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile. | ||||
| CVE-2008-0834 | 1 Ibm | 1 Lotus Quickr | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-0837 | 2 John Godley, Wordpress | 2 Search Unleashed, Search Unleashed Plugin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file. | ||||
| CVE-2008-0838 | 1 Sophos | 2 Es1000, Es4000 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page. | ||||
| CVE-2008-0851 | 1 Dokeos | 1 E-learning System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php. | ||||