Export limit exceeded: 45679 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45679 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6476 | 1 Dotnetblogengine | 1 Blogengine.net | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2009-3348 | 1 Datavore | 1 Gyro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component. | ||||
| CVE-2008-2768 | 1 Xigla | 1 Absolute Poll Manager Xe | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields"). | ||||
| CVE-2009-3240 | 2 Ohwada, Xoops | 2 Xf-section, Xoops | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6495 | 1 Zirkon Box | 1 Yappa-ng | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | ||||
| CVE-2008-2766 | 1 Xigla | 1 Absolute Image Gallery Xe | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp. | ||||
| CVE-2009-3222 | 1 Freewebscriptz | 1 Honest Traffic | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2007-4595 | 1 The Seasar Foundation | 1 Mayaa | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data. | ||||
| CVE-2009-3311 | 1 Rssmediascript | 1 Rssmediascript | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2009-3202 | 1 Uloki | 1 Uloki Php Forum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter. | ||||
| CVE-2008-2759 | 1 Xigla | 1 Absolute Form Processor Xe | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3300 | 1 Internet2 | 2 Identity Provider, Service Provider | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. | ||||
| CVE-2009-3189 | 1 Digioz | 1 Digioz Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. | ||||
| CVE-2009-3187 | 1 Standalonearcade | 1 Saa | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||
| CVE-2008-6533 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2007-4245 | 1 Dimema | 1 Contentdm | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search, probably related to the CISOBOX1 parameter to results.php in CDM 4.2. | ||||
| CVE-2008-3714 | 1 Awstats | 1 Awstats | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945. | ||||
| CVE-2007-4189 | 1 Joomla | 1 Joomla\! | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4144 | 1 Mitridat | 1 Form Processor Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sample-forms/simple-contact-form-with-preview/simple-contact-form-with-preview.html in MitriDAT eMail Form Processor Pro allows remote attackers to inject arbitrary web script or HTML via the base_path parameter, possibly related to (1) formprocessorpro.php in the PHP version of the product, and (2) formprocessorpro.pl in the Perl version of the product. | ||||
| CVE-2008-1846 | 1 Sap | 1 Netweaver | 2026-04-23 | N/A |
| The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. | ||||