Search Results (47032 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2640 1 Adobe 2 Flex, Flex Builder 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.
CVE-2008-2637 1 F5 1 Firepass Ssl Vpn 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
CVE-2007-4977 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
CVE-2009-4557 2 Drupal, Unleashedmind 2 Drupal, Img Assist 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title.
CVE-2006-7142 1 Utimaco 1 Safeguard 2026-04-23 7.8 High
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.
CVE-2008-0540 1 Trixbox 1 Trixbox 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
CVE-2009-2893 1 Xzeroscripts 1 Xzero Community Classifieds 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
CVE-2007-5051 1 Phpgedview 1 Phpgedview 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2533 1 Fkrauthan 1 Phoenix View Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/.
CVE-2008-2525 1 Typo3 1 Rlmp Eventdb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2496 1 Quate 1 Quate Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php.
CVE-2008-2462 1 Caucho 1 Resin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2008-2458 1 4shared 1 Starsgames Control Panel 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter.
CVE-2008-2445 1 Wgcc 1 Web Group Communication Center 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in profile.php in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a show action.
CVE-2009-4532 2 Drupal, Nathan Haug 2 Drupal, Webform 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.
CVE-2009-4525 2 Drupal, Joao Ventura 2 Drupal, Print 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links.
CVE-2009-4524 2 Drupal, Nancy Wichmann 2 Drupal, Realname 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
CVE-2008-2414 1 Aguestbook 1 An Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
CVE-2007-0364 1 Nicecoder 1 Indexu 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.
CVE-2009-4516 2 Drupal, Nanwich 2 Drupal, Faq Ask 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.