Search Results (83505 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3348 1 Datavore 1 Gyro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
CVE-2007-6310 1 Falt4 Cms 1 Falt4 Extreme Rc4 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).
CVE-2007-6312 1 Websense 3 Enterpise, Reporting Tools, Web Security Suite 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2009-3328 1 Webilix 1 Wx-guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information.
CVE-2007-5161 1 I-systems Inc. 1 Feedreader 2026-04-23 N/A
Cross-zone scripting vulnerability in the internal browser in i-Systems Feedreader 3.10 allows remote attackers to inject arbitrary web script or HTML via an item in a feed, as demonstrated by a WordPress blog update. NOTE: this was originally reported as XSS.
CVE-2007-6346 1 Rainboard 1 Rainboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6452 1 Google 1 Web Toolkit 2026-04-23 N/A
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
CVE-2009-3300 1 Internet2 2 Identity Provider, Service Provider 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
CVE-2009-3299 1 Mahara 1 Mahara 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6455 1 Mambo 1 Mambo 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
CVE-2009-3256 1 Livestreet 1 Livestreet 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.
CVE-2009-3240 2 Ohwada, Xoops 2 Xf-section, Xoops 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-7039 1 Gelatocms 1 Gelatocms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information.
CVE-2007-6465 1 Ganglia 1 Ganglia 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
CVE-2008-4370 1 Availscript 1 Availscript Photo Album 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.
CVE-2008-0539 1 F5 1 Big-ip Application Security Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.
CVE-2007-6520 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
CVE-2007-6203 1 Apache 1 Http Server 2026-04-23 N/A
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
CVE-2007-6474 1 Gf 3xplorer 1 Gf 3xplorer 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
CVE-2007-5728 1 Phppgadmin 1 Phppgadmin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.