Export limit exceeded: 45720 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45720 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4381 | 1 Texmedia | 1 Million Pixel Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4397 | 2 Fr.simon Rundell, Typo3 | 2 Pd Resources, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4398 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4403 | 1 Rumbacms | 1 Rumba Xml | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4408 | 1 Pyforum | 1 Pyforum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed. | ||||
| CVE-2009-4416 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence. | ||||
| CVE-2009-4425 | 1 Idevspot | 1 Idevcart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter in a browse action. | ||||
| CVE-2009-4429 | 2 Alexander Hass, Drupal | 2 Sections Module, Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field). | ||||
| CVE-2009-0237 | 1 Microsoft | 2 Forefront Threat Management Gateway, Internet Security And Acceleration Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability." | ||||
| CVE-2009-0247 | 1 53kf | 1 Web Im 2009 | 2026-04-23 | N/A |
| The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable. | ||||
| CVE-2009-3283 | 1 Phpspot | 6 Php \& Css Bbs, Php Bbs, Php Bbs Ce and 3 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies. | ||||
| CVE-2009-0303 | 1 Webhelpdesk | 1 Web Help Desk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa. | ||||
| CVE-2009-0307 | 1 Rim | 1 Blackberry Enterprise Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters. | ||||
| CVE-2008-5039 | 2 Php-nuke, Phpnuke | 2 League Module, Php-nuke | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php. | ||||
| CVE-2009-0762 | 1 Scriptsez | 1 Ez Php Comment | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0763 | 1 Bookelves | 1 Kipper | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter. | ||||
| CVE-2009-0805 | 2 Mihai Bazon, Xoops | 2 Pical, Xoops | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. | ||||
| CVE-2007-3064 | 1 Mealex | 1 My Datebook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter. | ||||
| CVE-2009-0850 | 1 Bitdefender | 1 Internet Security | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file. | ||||
| CVE-2009-0855 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||