Export limit exceeded: 45901 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45901 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6620 | 1 Grafxsoftware | 1 Minicwb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters. | ||||
| CVE-2008-6629 | 1 Webbdomain | 1 Webshop Online | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2008-6646 | 1 Coronamatrix | 1 Phpaddressbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2008-6510 | 1 Igniterealtime | 1 Openfire | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2008-6681 | 1 Dojotoolkit | 1 Dojo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element. | ||||
| CVE-2008-6682 | 1 Apache | 1 Struts | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag. | ||||
| CVE-2008-6757 | 1 Viart | 1 Viart Shop | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter. | ||||
| CVE-2008-6850 | 1 Php-fusion | 1 Php-fusion | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6888 | 1 Preprojects | 1 Pre Classified Listings | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter. | ||||
| CVE-2008-6893 | 2 Alt-n, Microsoft | 2 Worldclient, Internet Explorer | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. | ||||
| CVE-2008-6982 | 1 Devalcms | 1 Devalcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter. | ||||
| CVE-2008-2272 | 1 Aruba Networks | 1 Aruba Mobility Controller | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-7017 | 1 Cacert | 1 Cacert | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate. | ||||
| CVE-2008-7018 | 1 Nashtech | 1 Easy Php Calendar | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php. | ||||
| CVE-2008-7035 | 2 Phpraider, Simple Machines | 2 Phpraider, Phpraider | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the resistance field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7121 | 1 Mrcgiguy | 1 Hot Links Sql-php | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar. | ||||
| CVE-2008-2236 | 1 Blosxom | 1 Blosxom | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-7202 | 1 Openwebmail.acatysmoof | 1 Openwebmail | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2008-7206 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-23 | N/A |
| Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS). | ||||
| CVE-2008-7242 | 1 Modxcms | 1 Modxcms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php. | ||||