Export limit exceeded: 357449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46624 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7147 | 1 Intralearn | 1 Intralearn | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/description_link.cfm, or the (3) records_to_display and (4) the_start parameters to library/courses_catalog.cfm. | ||||
| CVE-2007-1063 | 1 Cisco | 12 Unified Ip Phone 7906g, Unified Ip Phone 7911g, Unified Ip Phone 7941g and 9 more | 2026-04-23 | N/A |
| The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. | ||||
| CVE-2009-2172 | 2 Dream, Jelsoft | 2 Radio And Tv Player Addon For Vbulletin, Vbulletin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | ||||
| CVE-2009-2181 | 1 Campware.org | 1 Campsite | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter. | ||||
| CVE-2007-6243 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | ||||
| CVE-2008-2744 | 1 Vbulletin | 1 Vbulletin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php). | ||||
| CVE-2008-2668 | 1 Y-blog | 1 Yblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php. | ||||
| CVE-2008-2117 | 1 Project Alumni | 1 Project Alumni | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126. | ||||
| CVE-2008-6550 | 1 Davidbourrier | 1 Glossaire | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7017 | 1 Cacert | 1 Cacert | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate. | ||||
| CVE-2008-6431 | 1 Bmforum | 1 Bmforum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php. | ||||
| CVE-2007-4874 | 1 Boesch-it | 1 Simpnews | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php. | ||||
| CVE-2010-0331 | 2 Stefan Tannhaeuser, Typo3 | 2 Tv21 Talkshow, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-1593 | 1 Armorlogic | 1 Profense Web Application Firewall | 2026-04-23 | N/A |
| Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element. | ||||
| CVE-2010-0346 | 1 Typo3 | 2 Mimi Tipfriends, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-1729 | 1 Sun | 1 Java System Communications Express | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain. | ||||
| CVE-2009-1367 | 1 Mozilo | 1 Mozilocms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a. | ||||
| CVE-2009-1749 | 1 Joost Horward | 1 Catviz | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters. | ||||
| CVE-2008-6946 | 1 Collabtive | 1 Collabtive | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php. | ||||
| CVE-2008-6597 | 1 Phpcredo | 1 Phcdownload | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||