Search Results (83753 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4348 1 Haroldbakker 1 Hb-ns 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146.
CVE-2009-4345 2 Jonas Renggli, Typo3 2 Vshoutbox, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4344 2 Tobias Sommer, Typo3 2 Zid Linklist, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6700 1 Openbsd 1 Openbsd 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.
CVE-2008-1991 1 Acidcat 1 Acidcat Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
CVE-2009-2932 1 Sap 1 Netweaver 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
CVE-2008-1504 1 Phpheaven 1 Phpmychat 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1321 1 Humayun Shabbir Bhutta 1 Asp Product Catalog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
CVE-2008-5093 1 Novell 1 Edirectory 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-7195 2 Apache, Redhat 5 Tomcat, Enterprise Linux, Network Satellite and 2 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
CVE-2008-2344 1 Typo3 1 Air Filemanager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3386 2 Apache, Redhat 3 Tomcat, Enterprise Linux, Rhel Application Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
CVE-2007-1519 1 Phpnuke 1 Php-nuke 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.
CVE-2008-1634 1 Jv2 1 Folder Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2337 1 Oicgroup 1 Exponent Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.
CVE-2007-3405 1 Lebisoft 1 Lebisoft Zdefter 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ad and (2) konu parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1557 1 Cisco 1 Wvc54gca 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.
CVE-2009-1287 1 Cisco 1 Subscriber Edge Services Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.
CVE-2008-0809 1 Ikiwiki 1 Ikiwiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
CVE-2007-5985 1 Bti-tracker 1 Bti-tracker 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.