Export limit exceeded: 45911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4406 | 1 Apc | 3 Aos, Ap7932 B2, Ap7932 B2 Firmware | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter. | ||||
| CVE-2007-3918 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. | ||||
| CVE-2009-1458 | 1 Razorcms | 1 Razorcms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action. | ||||
| CVE-2009-1451 | 1 Bluevirus-design | 1 Sma-db | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2008-6764 | 1 Hypersilence | 1 Silentum Loginsys | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Silentum LoginSys 1.0.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2008-0622 | 1 Raidenhttpd | 1 Raidenhttpd | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the ulang parameter. | ||||
| CVE-2008-3397 | 1 Runesoft | 1 Cerberus Cms | 2026-04-23 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie. | ||||
| CVE-2006-5534 | 1 Zwahlen Informatik | 1 Online Shop | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1621 | 1 Geertsen Holdings Inc | 1 Geecarts | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6321 | 1 Roundcube | 1 Webmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. | ||||
| CVE-2008-7220 | 2 Debian, Prototypejs | 2 Debian Linux, Prototype | 2026-04-23 | N/A |
| Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors. | ||||
| CVE-2007-4836 | 1 Phpmyquote | 1 Phpmyquote | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action. | ||||
| CVE-2007-4831 | 1 Torrenttrader | 1 Torrenttrader | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters. | ||||
| CVE-2009-3152 | 1 Nt | 1 Bbs E-market | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action. | ||||
| CVE-2009-3950 | 1 Bract | 1 Suntrack | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bractus SunTrack allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to newprofile.html; the (2) firstname, (3) lastname, and (4) company parameters to signup/signup.html; and the (5) firstname, (6) lastname, and (7) address[0].street1 parameters to contact.html. | ||||
| CVE-2008-7092 | 1 Unica | 1 Affinium Campaign | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors. | ||||
| CVE-2008-7134 | 1 Redgalaxy | 1 Download Center | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7147 | 1 Intralearn | 1 Intralearn | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/description_link.cfm, or the (3) records_to_display and (4) the_start parameters to library/courses_catalog.cfm. | ||||
| CVE-2008-7150 | 2 Ber Kessels, Drupal | 2 Refine By Taxo, Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags. | ||||
| CVE-2009-3121 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||