Search Results (47121 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2566 1 Php-address Book 1 Php-address Book 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
CVE-2008-2571 1 Limesurvey 1 Limesurvey 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action.
CVE-2008-2680 1 Realm Project 1 Realm Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.
CVE-2007-5923 1 Broadcom 1 Etrust Siteminder 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.
CVE-2008-2698 1 Web-album 1 Webalbum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter.
CVE-2008-1025 1 Apple 2 Safari, Webkit 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.
CVE-2008-2788 1 Opendocman 1 Opendocman 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
CVE-2008-2808 3 Mozilla, Redhat, Ubuntu 10 Firefox, Seamonkey, Thunderbird and 7 more 2026-04-23 N/A
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
CVE-2008-2814 1 Shoutcastadmin 1 Wallcity-server Shoutcast Admin Panel 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6087 1 Camera Life 1 Camera Life 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2008-6095 1 Opennms 1 Opennms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
CVE-2008-6096 1 Juniper 1 Netscreen Screenos 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page.
CVE-2008-3069 1 Mybb 1 Mybb 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
CVE-2008-6108 1 Gwm 1 Galatolo Webmanager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.
CVE-2008-6113 1 Semanticscuttle 1 Semanticscuttle 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) profile page.
CVE-2008-3091 1 Drupal 1 Taxonomy Autotagger Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3328 1 Edgewall Software 1 Trac 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-6229 1 Drupal 1 Content Construction Kit 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.
CVE-2008-3330 1 Debian 2 Horde, Turba 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.
CVE-2008-3334 1 Mybb 1 Mybb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.