Export limit exceeded: 45918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1479 | 1 Cyberfrogs | 1 Cfnetgs | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5995 | 1 Typo3 | 2 Freecap Captcha Extension, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-5994 | 1 Checkpoint | 1 Connectra Ngx | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1050 | 1 Abledesign | 1 Mycalendar | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action. | ||||
| CVE-2008-5979 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter. | ||||
| CVE-2008-1165 | 1 Flyspray | 1 Flyspray | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4893 | 1 Tribiq | 1 Tribiq Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1174 | 1 Flicks Software | 1 Authentix | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2008-1481 | 1 Webspell | 1 Webspell | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1183 | 1 Crafty Syntax Live Help | 1 Crafty Syntax Live Help | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848. | ||||
| CVE-2008-4661 | 1 Typo3 | 2 Page Improvements, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-1209 | 1 Xitex | 1 Xitex Webcontent M1 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3745 | 1 Ibm | 1 Rational Appscan | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2008-5059 | 1 Modernbill | 1 Modernbill | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action. | ||||
| CVE-2008-3779 | 1 Review-script | 1 Five Star Review Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action. | ||||
| CVE-2008-5944 | 1 Navboard | 1 Navboard | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter. | ||||
| CVE-2008-2871 | 1 Pegames | 1 Pegames | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5933 | 1 Cmsisweb | 1 Cms Isweb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1025 | 1 Apple | 2 Safari, Webkit | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. | ||||
| CVE-2007-3484 | 1 Google | 1 Custom Search Engine | 2026-04-23 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website. | ||||