Export limit exceeded: 45870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7133 | 1 Onlinetools | 1 Easyimagecatalogue | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3505 | 1 Polypager | 1 Polypager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI. | ||||
| CVE-2008-3457 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. | ||||
| CVE-2007-5979 | 1 F5 | 1 Firepass 4100 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. | ||||
| CVE-2006-6977 | 1 Freetextbox | 1 Freetextbox | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag. | ||||
| CVE-2008-3367 | 1 Webwizguide | 1 Web Wiz Rich Text Editor | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | ||||
| CVE-2008-3353 | 1 Puresw | 1 Lore | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pure Software Lore before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) article comments feature and the (2) search log feature. | ||||
| CVE-2006-6108 | 1 Ec-cube | 1 Ec-cube | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2009-1614 | 1 Gowondesigns | 1 Leap | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3009 | 1 Rubyonrails | 1 Rails | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. | ||||
| CVE-2008-3161 | 1 Ibm | 1 Maximo | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7222 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action. | ||||
| CVE-2008-5278 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). | ||||
| CVE-2009-3469 | 1 Ibm | 1 Lotus Connections | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2008-2962 | 1 Myblog | 1 Myblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php. | ||||
| CVE-2008-1306 | 1 Besavvy | 1 Savvy Content Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and (3) search_results/index.cfm. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2884 | 1 Phpscriptsnow | 1 World\'s Tallest Buildings | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter. | ||||
| CVE-2009-3581 | 1 Sql-ledger | 1 Sql-ledger | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor. | ||||
| CVE-2009-0930 | 1 Debian | 1 Horde Imp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php. | ||||
| CVE-2009-1344 | 1 Drupal | 2 Drupal, Localization Client | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality. | ||||