Total
37128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-10008 | 1 Simplesamlphp | 1 Simplesamlphp-module-openidprovider | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The identifier of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2010-10004 | 1 Simplesamlphp | 1 Information Cards Module | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability. | |||||
| CVE-2010-10002 | 1 Simplesamlphp | 1 Simplesamlphp-module-openid | 2024-11-21 | 2.6 LOW | 3.1 LOW |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2009-5159 | 2 Invisioncommunity, Microsoft | 2 Invision Power Board, Internet Explorer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | |||||
| CVE-2009-5049 | 2 Debian, Mortbay | 2 Debian Linux, Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebApp JSP Snoop page XSS in jetty though 6.1.21. | |||||
| CVE-2009-5048 | 1 Mortbay | 1 Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. | |||||
| CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | |||||
| CVE-2009-4900 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| pixelpost 1.7.1 has XSS | |||||
| CVE-2009-3724 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. | |||||
| CVE-2009-2802 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | |||||
| CVE-2009-10004 | 1 Sandbox Theme Project | 1 Sandbox Theme | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The identifier of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability. | |||||
| CVE-2009-10003 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The patch is identified as be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability. | |||||
| CVE-2009-10002 | 1 Fittr Flickr Project | 1 Fittr Flickr | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability. | |||||
| CVE-2009-10001 | 1 Cool-php-captcha Project | 1 Cool-php-captcha | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27ae3f80. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218296. | |||||
| CVE-2008-7321 | 1 Tubepress | 1 Tubepress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The tubepress plugin before 1.6.5 for WordPress has XSS. | |||||
| CVE-2008-10002 | 1 Ajaxlife Project | 1 Ajaxlife | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The name of the patch is 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. | |||||
| CVE-2008-10001 | 1 Pro2col | 1 Stingray Fts | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2006-10001 | 1 Markjaquith | 1 Subscribe To Comments | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. | |||||
| CVE-2005-2350 | 1 Websieve Project | 1 Websieve | 2024-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. | |||||
| CVE-2003-5003 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-20 | 4.3 MEDIUM | 5.0 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||