Export limit exceeded: 357763 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46651 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46651 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5717 | 1 Hitachi | 1 Jp1 Integrated Management Service Support | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4557 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title. | ||||
| CVE-2007-5370 | 1 Netwin | 1 Dnewsweb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter. | ||||
| CVE-2009-2893 | 1 Xzeroscripts | 1 Xzero Community Classifieds | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter. | ||||
| CVE-2008-4426 | 1 Phlatline | 1 Personal Information Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action. | ||||
| CVE-2007-5091 | 1 Egroupware | 1 Egroupware | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php. | ||||
| CVE-2008-5769 | 1 Kerio | 1 Kerio Mailserver | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2587 | 1 Dragdropcart | 1 Dragdropcart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php. | ||||
| CVE-2008-3886 | 1 Dotproject | 1 Dotproject | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action. | ||||
| CVE-2009-2884 | 1 Phpscriptsnow | 1 World\'s Tallest Buildings | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter. | ||||
| CVE-2008-5682 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. | ||||
| CVE-2006-5560 | 1 Boesch It-consulting | 1 Progsys | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5719 | 1 Hitachi | 2 Groupmax Web Workflow Sdk Set For Active Server Pages, Groupmax Workflow To Development Kit For Active Server Pages | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-3516 | 1 Adobe | 1 Presenter | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515. | ||||
| CVE-2008-2962 | 1 Myblog | 1 Myblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php. | ||||
| CVE-2009-4539 | 1 Sqlitemanager | 1 Sqlitemanager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | ||||
| CVE-2008-4710 | 1 Drupal | 2 Drupal, Stock Module | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2684 | 1 Hp | 35 Cm8050 Mfp, Cm8060 Mfp, Color Laserjet 3000n and 32 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script. | ||||
| CVE-2009-4352 | 1 Transware | 1 Active Mail 2003 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Cc, and (4) Bcc parameters. | ||||
| CVE-2007-5088 | 1 Sisd | 1 Freeside | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi in Freeside 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the failed parameter. | ||||