Total
43961 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0573 | 1 Fotoware | 1 Fotoweb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx. | ||||
| CVE-2008-1985 | 1 Digital Hive | 1 Digitalhive | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php. | ||||
| CVE-2008-6683 | 1 Yourfreeworld | 1 Apartment Search Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter. | ||||
| CVE-2008-6915 | 1 Zeeways | 1 Zeeproperty | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter. | ||||
| CVE-2007-6673 | 1 Makale Scripti | 1 Makale Scripti | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action. | ||||
| CVE-2007-6687 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. | ||||
| CVE-2007-6704 | 1 F5 | 1 Firepass 4100 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3. | ||||
| CVE-2008-3516 | 1 Adobe | 1 Presenter | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515. | ||||
| CVE-2008-5026 | 1 Microsoft | 1 Sharepoint Server | 2026-04-23 | N/A |
| Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents. | ||||
| CVE-2008-5193 | 1 Philboard | 1 Philboard | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024. | ||||
| CVE-2009-3105 | 1 Ibm | 1 Domino Web Access | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC. | ||||
| CVE-2009-4249 | 1 Cutephp | 1 Cutenews | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php. | ||||
| CVE-2010-0321 | 1 Jamit | 1 Jamit Job Board | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. | ||||
| CVE-2009-4317 | 1 Scriptsez | 1 Ez Cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote attackers to inject arbitrary web script or HTML via the sid parameter in a showcat action. | ||||
| CVE-2009-3300 | 1 Internet2 | 2 Identity Provider, Service Provider | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. | ||||
| CVE-2009-4379 | 1 Valarsoft | 1 Webmatic | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-2924. | ||||
| CVE-2009-4397 | 2 Fr.simon Rundell, Typo3 | 2 Pd Resources, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-4320 | 1 Opennms.org | 1 Opennms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. | ||||
| CVE-2009-1732 | 1 Richard Ellerbrock | 1 Ipplan | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter. | ||||
| CVE-2008-4326 | 2 Microsoft, Phpmyadmin | 2 Internet Explorer, Phpmyadmin | 2026-04-23 | N/A |
| The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | ||||