Export limit exceeded: 23827 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45687 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45687 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1735 | 1 Omnisoftsol | 1 Vidsharepro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3741 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML. | ||||
| CVE-2009-3368 | 2 Joomla, Joomlahbs | 2 Joomla\!, Com Hbssearch | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php. | ||||
| CVE-2008-4168 | 1 Pro2col | 1 Stingray Fts | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field). | ||||
| CVE-2009-3453 | 1 Ibm | 1 Lotus Quickr | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template. | ||||
| CVE-2009-3469 | 1 Ibm | 1 Lotus Connections | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2009-3485 | 1 Juniper | 1 Junos | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI. | ||||
| CVE-2009-3479 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title. | ||||
| CVE-2009-3486 | 1 Juniper | 1 Junos | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program. | ||||
| CVE-2009-3487 | 1 Juniper | 1 Junos | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program. | ||||
| CVE-2007-5648 | 1 Rnote | 1 Rnote | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter. | ||||
| CVE-2007-5649 | 1 Socketmail | 1 Socketmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter. | ||||
| CVE-2009-3493 | 1 Zenas | 1 Paobacheca Guestbook | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php. | ||||
| CVE-2008-2808 | 3 Mozilla, Redhat, Ubuntu | 10 Firefox, Seamonkey, Thunderbird and 7 more | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. | ||||
| CVE-2009-3496 | 1 Vastal | 1 Dvd Zone | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter. | ||||
| CVE-2009-3856 | 1 Twilightcms | 1 Twilight Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3858 | 1 Gejosoft | 1 Gejosoft | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags. | ||||
| CVE-2008-3786 | 1 Picturespro | 1 Picturespro Photo Cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action. | ||||
| CVE-2009-3506 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php. | ||||
| CVE-2009-3512 | 1 Phplemon | 1 Myweight | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php. | ||||