Search Results (83483 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3120 1 Bigace 1 Bigace 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4196 1 Huawei 1 Mt882 V100t002b020 Arg-t 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select, and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1.
CVE-2007-5105 1 Wordpress 1 Wordpress 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
CVE-2009-3263 1 Google 1 Chrome 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content."
CVE-2009-1344 1 Drupal 2 Drupal, Localization Client 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.
CVE-2009-1342 1 Drupal 2 Cck Comment Reference, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.
CVE-2007-5977 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
CVE-2007-6003 1 Thomson 1 Speedtouch 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3780 2 Ashok Modi, Drupal 2 Abuse, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1220 1 Cisco 2 Adaptive Security Appliance, Ios 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header.
CVE-2008-6235 2 Redhat, Vim 2 Enterprise Linux, Vim 2026-04-23 N/A
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
CVE-2009-3260 1 Livestreet 1 Livestreet 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.
CVE-2009-3783 2 Drupal, Sjoerd Arendsen 2 Drupal, Simplenews Statistics 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector.
CVE-2009-0523 1 Adobe 2 Robohelp, Robohelp Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.
CVE-2009-0525 1 Modernmethod 1 Sajax 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the sajax_get_common_js function in php/Sajax.php in Sajax 0.12 allows remote attackers to inject arbitrary web script or HTML via the URL parameter, which is not properly handled when using browsers that do not URL-encode requests, such as Internet Explorer 6. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1202 1 Cisco 1 Adaptive Security Appliance 2026-04-23 N/A
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
CVE-2007-5834 1 Bosdev 1 Bosnews 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post.
CVE-2008-6215 1 Bookingcentre 1 Booking System For Hotels Group 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.
CVE-2009-0830 1 Andrew Freed 1 Quotebook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0817 1 Drupal 2 Drupal, Protected Node Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.