Search Results (83756 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5918 1 Tigris 1 Websvn 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2008-1481 1 Webspell 1 Webspell 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1474 1 Roundup-tracker 1 Roundup 2026-04-23 N/A
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
CVE-2009-3348 1 Datavore 1 Gyro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
CVE-2008-1182 1 Bsd Perimeter 1 Pfsense 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2930 1 Elkagroup 1 Elkapax Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.
CVE-2007-6321 1 Roundcube 1 Webmail 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
CVE-2009-2940 2 Pygresql, Python 2 Pygresql, Python 2026-04-23 N/A
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
CVE-2009-3328 1 Webilix 1 Wx-guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information.
CVE-2008-1468 1 Namazu 1 Namazu 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.
CVE-2008-0564 2 Mailman, Redhat 2 Mailman, Enterprise Linux 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
CVE-2008-5504 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.
CVE-2007-6270 1 Xigla 1 Absolute News Manager.net 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
CVE-2008-0335 1 Bugtracker.net 1 Bugtracker.net 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field.
CVE-2007-5477 1 Valve Software 2 Half-life Dedicated Server, Webmod Plugin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.
CVE-2008-6906 1 Babbleboard 1 Babbleboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.
CVE-2009-3300 1 Internet2 2 Identity Provider, Service Provider 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
CVE-2009-3299 1 Mahara 1 Mahara 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-0717 1 Ibm 1 Websphere Edge Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response.
CVE-2008-0463 1 Drupal 1 Workflow 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties.