Total
37570 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5212 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. | |||||
| CVE-2006-6359 | 1 Stefan Frech | 1 Online-bookmarks | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2248 | 1 Phorum | 1 Phorum | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module. | |||||
| CVE-2008-6144 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. | |||||
| CVE-2009-3260 | 1 Livestreet | 1 Livestreet | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment. | |||||
| CVE-2008-0284 | 1 Simple Machines | 1 Simple Machines Smf | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. | |||||
| CVE-2008-3237 | 1 Itechscripts | 1 Itechbids | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter. | |||||
| CVE-2008-4803 | 1 Simple Php Scripts | 1 Gallery | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7175 | 2 Alex Rabe, Wordpress | 2 Nextgen Gallery, Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action. | |||||
| CVE-2008-2758 | 1 Xigla | 1 Absolute News Manager Xe | 2025-04-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2302 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected. | |||||
| CVE-2008-2848 | 1 Mindtouch | 1 Dekiwiki | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1916 | 1 Drupal | 1 Ubercart Module | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428. | |||||
| CVE-2008-1073 | 1 Internet Security Systems | 1 Internet Scanner | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-5624 | 1 Nagios | 1 Nagios | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. | |||||
| CVE-2008-7133 | 1 Onlinetools | 1 Easyimagecatalogue | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3404 | 1 Mdsjack | 1 Mjguest | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter. | |||||
| CVE-2008-1953 | 1 Magnolia | 1 Site Designer | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4931 | 1 Firmchannel | 1 Digital Signage | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. | |||||
| CVE-2008-1037 | 1 Packeteer | 2 Packetshaper, Policycenter | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page. | |||||