Vulnerabilities (CVE)

Filtered by CWE-79
Total 29286 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6501 1 Prochatrooms 1 Pro Chat Rooms 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter.
CVE-2008-6500 1 Codetoad 1 Asp Shopping Cart Script 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
CVE-2008-6495 1 Zirkon Box 1 Yappa-ng 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
CVE-2008-6476 1 Dotnetblogengine 1 Blogengine.net 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2008-6465 1 Parallels 1 H-sphere 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.
CVE-2008-6450 1 Under Construction Baby 1 Pc2m 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-6448 1 Skyarc 1 Mtcms Wysiwyg Editor 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6439 1 Abledating 1 Abledating 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2008-6437 1 Lukas Waldauf 1 Phpfreeforum 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.
CVE-2008-6436 1 Xerox 1 Workcentre 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6435 1 Phpsqlitecms 1 Phpsqlitecms 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php; and the (4) lang[login_username] and (5) lang[login_password] parameters to cms/includes/login.inc.php.
CVE-2008-6433 1 Blueriver 1 Sava Cms 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
CVE-2008-6431 1 Bmforum 1 Bmforum 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php.
CVE-2008-6428 1 Kayalang 1 Kaya 2024-11-21 4.3 MEDIUM N/A
The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2008-6416 1 Greensql 1 Greensql-console 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages."
CVE-2008-6413 2 Drupal, Ticklespace 2 Drupal, Answers Module 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.
CVE-2008-6406 1 Datalifecms 1 Datalife Engine 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-6404 1 Extrosoft 1 Thyme 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2008-6400 1 Refbase 1 Refbase 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6396 1 Celerondude 1 Uploader 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.