Total
37638 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2182 | 1 In2code | 1 Powermail | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-5203 | 1 Poweraward | 1 Poweraward | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter. | |||||
CVE-2008-6655 | 1 Comscripts | 1 Gedcom To Mysl | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php. | |||||
CVE-2007-6704 | 1 F5 | 1 Firepass 4100 | 2025-04-09 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3. | |||||
CVE-2009-2814 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding. | |||||
CVE-2008-1047 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-5761 | 1 Flatnux | 1 Flatnux | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element. | |||||
CVE-2008-1413 | 1 Snews | 1 Snews Cms Rus | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
CVE-2008-1285 | 1 Sun | 1 Jsf | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2008-5056 | 1 Activecampaign | 1 Triolive | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php. | |||||
CVE-2007-0891 | 1 Matthieu Aubry | 1 Phpmyvisites | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
CVE-2008-3501 | 1 Novell | 1 Groupwise | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-6162 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-2162 | 2 Ishii, Xoops | 2 Pukiwikimod, Xoops | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-4530 | 1 Drupal | 1 Brilliant Gallery | 2025-04-09 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers. | |||||
CVE-2008-4120 | 1 Flatpress | 1 Flatpress | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php. | |||||
CVE-2009-0283 | 1 Aobosoft | 1 Oblog | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
CVE-2008-1003 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. | |||||
CVE-2008-3121 | 1 Xerox | 1 Centreware Web | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2007-6520 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. |