Vulnerabilities (CVE)

Filtered by CWE-79
Total 29286 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4533 1 Katan 1 Web Server 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-4532 1 Maxiscript 1 Website Directory 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.
CVE-2008-4530 1 Drupal 1 Brilliant Gallery 2024-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.
CVE-2008-4520 1 Autonessus 1 Autonessus 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter.
CVE-2008-4513 1 Phorum 1 Phorum 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.
CVE-2008-4488 1 Atarone 1 Atarone 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4485 1 Bluecoat 1 Security Gateway Os 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2008-4481 1 Redmine 1 Redmine 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4456 2 Mysql, Oracle 2 Mysql, Mysql 2024-11-21 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
CVE-2008-4450 1 Apache Friends 1 Xampp 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4447 1 Positive Software 1 H-sphere 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.
CVE-2008-4446 1 Nucleus Cms 1 Nucleus 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4438 1 Datafeed Studio 1 Datafeed Studio 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4435 2 Rmsoft, Xoops 2 Downloads Plus Module, Xoops 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.
CVE-2008-4432 2 Rmsoft, Xoops 2 Minishop Module, Xoops 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter.
CVE-2008-4426 1 Phlatline 1 Personal Information Manager 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
CVE-2008-4424 1 Domain Group Network 1 Goocms 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows remote attackers to inject arbitrary web script or HTML via the s parameter in a comments action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4411 1 Hp 1 System Management Homepage 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.
CVE-2008-4408 1 Mediawiki 1 Mediawiki 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
CVE-2008-4393 1 Verisign 1 Kontiki Delivery Management System 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac.