Search Results (83497 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4121 1 Cpcommerce 1 Cpcommerce 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php.
CVE-2008-4120 1 Flatpress 1 Flatpress 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php.
CVE-2008-4118 1 High Norm 1 Sound Master 2nd 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3884 1 Blogn 1 Blogn 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2006-6176.
CVE-2008-1258 1 D-link 1 Di-604 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.
CVE-2008-6533 1 Drupal 1 Drupal 2026-04-23 N/A
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2007-5888 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
CVE-2008-3786 1 Picturespro 1 Picturespro Photo Cart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.
CVE-2008-3779 1 Review-script 1 Five Star Review Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.
CVE-2007-5891 1 Manageengine 2 Opmanager, Opmanager Msp 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6306 2 Jfree, Redhat 4 Jfreechart, Jboss Enterprise Application Platform, Network Satellite and 1 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.
CVE-2007-6308 1 Httplogger 1 Httplogger 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2508 1 Tr Script News 1 Tr Script News 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in news.php in Tr Script News 2.1 allows remote attackers to inject arbitrary web script or HTML via the "nb" parameter in voir mode.
CVE-2008-3397 1 Runesoft 1 Cerberus Cms 2026-04-23 6.1 Medium
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
CVE-2008-2485 1 Pcpin 1 Pcpin Chat 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the URL redirection script (inc/url_redirection.inc.php) in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-1243 1 Linksys 1 Wrt300n 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.
CVE-2007-6310 1 Falt4 Cms 1 Falt4 Extreme Rc4 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).
CVE-2008-6847 1 Preproject 1 Pre Asp Job Board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2007-6312 1 Websense 3 Enterpise, Reporting Tools, Web Security Suite 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2007-6346 1 Rainboard 1 Rainboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.