Search Results (83425 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3647 1 Yabsoft 1 Mega File Hosting Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3650 2 David Strauss, Drupal 2 Dex, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-7072 1 Chipmunk-scripts 1 Chipmunk Topsites 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.
CVE-2008-4304 1 Phpcollab 1 Phpcollab 2026-04-23 N/A
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells.
CVE-2009-3651 2 Drupal, Mikeryan 2 Drupal, Browscap 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVE-2007-6637 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
CVE-2009-3611 2 Fedoraproject, Le-web 2 Fedora, Backintime 2026-04-23 7.1 High
common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.
CVE-2009-2523 1 Microsoft 1 Windows 2000 2026-04-23 N/A
The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
CVE-2008-4591 1 Phpwebgallery 1 Phpwebgallery 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.
CVE-2008-6977 1 Fullrevolution 1 Aspwebalbum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
CVE-2008-7089 1 Pligg 1 Pligg Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.
CVE-2008-6894 1 3cx 1 Phone System 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters.
CVE-2008-6700 1 Butterflymedia 1 Butterfly Organizer 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.
CVE-2008-6360 1 Impresscms 1 Impresscms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6655 1 Comscripts 1 Gedcom To Mysl 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php.
CVE-2009-1772 1 Activecollab 1 Activecollab 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.
CVE-2007-1355 2 Apache, Redhat 2 Tomcat, Network Satellite 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
CVE-2006-6687 1 Web-app.net 1 Webapp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5296 1 Livio Siri 1 Dblist 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp in dbList 8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) db, (2) pagesize, (3) sort, (4) strKeyWords, and (5) table parameters. NOTE: some of these details are obtained from third party information.
CVE-2007-5303 1 Snewscms 1 Snewscms Rus 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.