Export limit exceeded: 45689 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45689 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2410 | 1 Ibm | 1 Lotus Domino Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-2421 | 1 Sap | 2 Sap Web Application Server, Web Dynpro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/. | ||||
| CVE-2008-2445 | 1 Wgcc | 1 Web Group Communication Center | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a show action. | ||||
| CVE-2008-2449 | 1 Ikemcg | 1 Phpinstantgallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan phpInstantGallery 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gallery parameter to (a) index.php and (b) image.php, and the (2) imgnum parameter to image.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2450 | 1 Inmedias | 1 Statistics | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-2452 | 1 Inmedias | 1 Questionaire | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsurvey) extension 1.2.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-2458 | 1 4shared | 1 Starsgames Control Panel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter. | ||||
| CVE-2008-6240 | 1 Openedit | 1 Openedit Digital Asset Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter. | ||||
| CVE-2009-3757 | 1 Citrix | 1 Xencenterweb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3342 | 1 Myiosoft | 1 Easypublish | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action. | ||||
| CVE-2009-4522 | 1 Bloofox | 1 Bloofoxcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4524 | 2 Drupal, Nancy Wichmann | 2 Drupal, Realname | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element. | ||||
| CVE-2009-4532 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label. | ||||
| CVE-2008-3344 | 1 Myiosoft | 1 Easye-cards | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters. | ||||
| CVE-2009-4554 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag. | ||||
| CVE-2009-4557 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title. | ||||
| CVE-2008-2668 | 1 Y-blog | 1 Yblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php. | ||||
| CVE-2009-4568 | 1 Webmin | 2 Usermin, Webmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-5290 | 1 Scripts4you | 1 Clean Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2009-4573 | 2 Joomla, Joomlabear | 2 Joomla, Mod Joomulus | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||