Export limit exceeded: 23287 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45721 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45721 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2586 | 1 Edgephp | 1 Ezarticles | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attackers to inject arbitrary web script or HTML via the title parameter. | ||||
| CVE-2009-2587 | 1 Dragdropcart | 1 Dragdropcart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php. | ||||
| CVE-2009-2595 | 1 Censura | 1 Censura | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action. | ||||
| CVE-2009-2610 | 2 Drupal, Scott Courtney | 2 Drupal, Links Package | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. | ||||
| CVE-2008-3664 | 1 Xrms | 1 Xrms Crm | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129. | ||||
| CVE-2009-2919 | 1 Boonex | 1 Orca | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. | ||||
| CVE-2009-2920 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php. | ||||
| CVE-2009-2928 | 1 Tgs-cms | 1 Tgs Content Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839. | ||||
| CVE-2009-2930 | 1 Elkagroup | 1 Elkapax Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI. | ||||
| CVE-2009-2932 | 1 Sap | 1 Netweaver | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. | ||||
| CVE-2009-2937 | 1 Intertwingly | 2 Planet, Planet Venus | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed. | ||||
| CVE-2009-2947 | 1 Xapian | 1 Omega | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages. | ||||
| CVE-2007-2206 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter. | ||||
| CVE-2007-2801 | 1 Eticket | 1 Eticket | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On." | ||||
| CVE-2008-2675 | 1 Softcomplex | 1 Php Image Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2811 | 1 Osk | 1 Advance-flow | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-2677 | 1 Telephone | 1 Telephone Directory 2008 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2008-2979 | 1 Ourvideo Cms | 1 Ourvideo Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters. | ||||
| CVE-2007-2910 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. | ||||
| CVE-2008-2680 | 1 Realm Project | 1 Realm Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters. | ||||