Total
28666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3184 | 1 Vbulletin | 1 Vbulletin | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code. | |||||
| CVE-2008-3029 | 1 Typo3 | 1 Wec Discussion Forum | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-0764 | 1 Bookelves | 1 Kipper | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1621 | 1 Geertsen Holdings Inc | 1 Geecarts | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0162 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. | |||||
| CVE-2008-6589 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. | |||||
| CVE-2007-3653 | 1 Fascript | 1 Faname | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php. | |||||
| CVE-2008-2507 | 1 Brown Bear Software | 1 Calcium | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear Software Calcium 3.10 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the CalendarName parameter in a ShowIt action. | |||||
| CVE-2009-2887 | 1 Phpscriptsnow | 1 President Bios | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter. | |||||
| CVE-2009-1030 | 1 Wordpress | 1 Wordpress Mu | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | |||||
| CVE-2008-7043 | 1 Freshscripts | 1 Fresh Email Script | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: this can be leveraged to modify cookies and conduct session fixation attacks. | |||||
| CVE-2008-3849 | 1 Civic-cms | 1 Civic-cms | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the calendar controller in Civic Website Manager before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving (1) month, (2) day, and (3) year fields. | |||||
| CVE-2008-4435 | 2 Rmsoft, Xoops | 2 Downloads Plus Module, Xoops | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php. | |||||
| CVE-2008-0125 | 1 Phpstats | 1 Phpstats | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter. | |||||
| CVE-2009-2565 | 1 T-okada | 1 Shiromuku\(fs6\)diary | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3017 | 1 Orcabrowser | 1 Orca Browser | 2024-02-04 | 4.3 MEDIUM | N/A |
| Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (3) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location HTTP response header or (6) specifying the content of a Location HTTP response header. | |||||
| CVE-2009-3444 | 1 E107 | 1 E107 | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action. | |||||
| CVE-2008-5250 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. | |||||
| CVE-2009-0393 | 1 Motorola | 1 Cpei300 | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2009-3487 | 1 Juniper | 1 Junos | 2024-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program. | |||||