Export limit exceeded: 45721 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45721 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3012 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2008-2761 | 1 Xigla | 1 Absolute Banner Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3011 | 1 Google | 1 Chrome | 2026-04-23 | N/A |
| Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2009-3010 | 1 Mozilla | 3 Firefox, Mozilla, Seamonkey | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2009-3009 | 1 Rubyonrails | 1 Rails | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. | ||||
| CVE-2007-4557 | 1 Novell | 1 Groupwise Webaccess | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2. | ||||
| CVE-2007-6617 | 1 Atlassian | 1 Jira | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4761 | 1 Kayako | 1 Esupport | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport. | ||||
| CVE-2009-3320 | 1 Zenas | 1 Paolink | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2009-2920 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php. | ||||
| CVE-2008-2764 | 1 Xigla | 1 Absolute Live Support Xe | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields"). | ||||
| CVE-2009-2919 | 1 Boonex | 1 Orca | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. | ||||
| CVE-2008-3730 | 1 Nordicwind | 2 Noah, Nordicwind Document Management System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-4588 | 1 Interworx | 1 Web Control Panel | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php. | ||||
| CVE-2007-4595 | 1 The Seasar Foundation | 1 Mayaa | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data. | ||||
| CVE-2009-3222 | 1 Freewebscriptz | 1 Honest Traffic | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2009-2897 | 1 Springsource | 3 Application Management Suite, Hyperic Hq, Tc Server | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2766 | 1 Xigla | 1 Absolute Image Gallery Xe | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp. | ||||
| CVE-2008-1003 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. | ||||
| CVE-2009-3225 | 1 Almondsoft | 1 Almond Classifieds | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information. | ||||