Export limit exceeded: 45729 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45729 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45729 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5648 | 1 Rnote | 1 Rnote | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter. | ||||
| CVE-2007-5649 | 1 Socketmail | 1 Socketmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter. | ||||
| CVE-2009-3493 | 1 Zenas | 1 Paobacheca Guestbook | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php. | ||||
| CVE-2008-2808 | 3 Mozilla, Redhat, Ubuntu | 10 Firefox, Seamonkey, Thunderbird and 7 more | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. | ||||
| CVE-2009-3496 | 1 Vastal | 1 Dvd Zone | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter. | ||||
| CVE-2009-3856 | 1 Twilightcms | 1 Twilight Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3858 | 1 Gejosoft | 1 Gejosoft | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags. | ||||
| CVE-2008-3786 | 1 Picturespro | 1 Picturespro Photo Cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action. | ||||
| CVE-2009-3506 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php. | ||||
| CVE-2009-3512 | 1 Phplemon | 1 Myweight | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php. | ||||
| CVE-2009-3513 | 1 Pilotgroup | 1 Pg Etraining | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php. | ||||
| CVE-2009-3530 | 1 Radscripts | 1 Radbids | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | ||||
| CVE-2007-5806 | 1 Ilias | 1 Ilias | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes. | ||||
| CVE-2009-3579 | 1 Mortbay | 1 Jetty | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/. | ||||
| CVE-2009-3581 | 1 Sql-ledger | 1 Sql-ledger | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor. | ||||
| CVE-2008-2458 | 1 4shared | 1 Starsgames Control Panel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter. | ||||
| CVE-2009-3592 | 1 Qtmsoft | 1 X-cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823. | ||||
| CVE-2009-3593 | 1 Freewebscriptz | 1 Freelancers | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to placebid.php and (2) jobid parameter to post_resume.php. | ||||
| CVE-2008-2452 | 1 Inmedias | 1 Questionaire | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsurvey) extension 1.2.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3594 | 1 Blob | 1 Blog System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter. | ||||