Search Results (47037 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2761 1 Xigla 1 Absolute Banner Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. NOTE: some of these details are obtained from third party information.
CVE-2008-2756 1 Xigla 1 Absolute Control Panel Xe 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-6400 1 Refbase 1 Refbase 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information.
CVE-2009-2919 1 Boonex 1 Orca 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
CVE-2009-3696 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.
CVE-2008-6406 1 Datalifecms 1 Datalife Engine 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-5842 1 Fujitsu-siemens 1 Webtransactions 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified "dynamic application."
CVE-2007-3033 1 Microsoft 1 Windows Vista 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.
CVE-2006-6729 1 A-blog 1 A-blog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-6733 1 Osticket 1 Osticket Sts 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter.
CVE-2008-6413 2 Drupal, Ticklespace 2 Drupal, Answers Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.
CVE-2009-4544 1 Cromosoft 1 Facil Helpdesk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-4580 1 Hastablog 1 Hasta Blog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) yorumyaz.php and (2) blog.php.
CVE-2006-6832 1 Joomla 1 Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
CVE-2008-6004 1 Aj Square 1 Aj Auction 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
CVE-2009-3901 1 Ecouriersoftware 1 E-courirer Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
CVE-2009-3903 1 Manageengine 1 Netflow Analyzer 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4931 1 Firmchannel 1 Digital Signage 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
CVE-2009-4370 1 Drupal 1 Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.
CVE-2008-4149 1 Drupal 1 Link To Us 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field.