Total
44210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6495 | 1 Zirkon Box | 1 Yappa-ng | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | ||||
| CVE-2008-6500 | 1 Codetoad | 1 Asp Shopping Cart Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. | ||||
| CVE-2008-6174 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter. | ||||
| CVE-2008-2458 | 1 4shared | 1 Starsgames Control Panel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter. | ||||
| CVE-2008-6894 | 1 3cx | 1 Phone System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters. | ||||
| CVE-2008-4872 | 1 Itechscripts | 1 Itechbids | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4891 | 1 Planetluc | 1 Signme | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4903 | 1 Typosphere | 1 Typo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters. | ||||
| CVE-2008-4909 | 1 Compact Cms | 1 Compact Cms | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors. | ||||
| CVE-2008-6238 | 1 Openedit | 1 Openedit Digital Asset Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in archive/savedqueries/savequeryfinish.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2008-2675 | 1 Softcomplex | 1 Php Image Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0416 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets. | ||||
| CVE-2008-2761 | 1 Xigla | 1 Absolute Banner Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0720 | 1 Webmin | 2 Usermin, Webmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2117 | 1 Project Alumni | 1 Project Alumni | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126. | ||||
| CVE-2008-0505 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. | ||||
| CVE-2008-4745 | 1 Uniwin | 1 Ecart Professional | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-4717 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php. | ||||
| CVE-2008-6041 | 1 Dataspade | 1 Dataspade | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4) FilterField parameters. | ||||
| CVE-2008-4447 | 1 Positive Software | 1 H-sphere | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action. | ||||