Search Results (83767 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4245 1 Dimema 1 Contentdm 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search, probably related to the CISOBOX1 parameter to results.php in CDM 4.2.
CVE-2008-1345 1 Myiosoft 1 Easycalendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action.
CVE-2008-2527 1 Actualscripts 4 Actualanalyzer Gold, Actualanalyzer Lite, Actualanalyzer Pro and 1 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2009-1801 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3009 1 Rubyonrails 1 Rails 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
CVE-2008-5193 1 Philboard 1 Philboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
CVE-2009-2965 1 Radvision 1 Scopia 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2008-4152 1 Drupal 1 Talk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title.
CVE-2008-2333 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2009-2959 1 Buildbot 1 Buildbot 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2475 1 Ebay 1 Enhanced Picture Uploader Activex Control 2026-04-23 N/A
eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.
CVE-2009-2937 1 Intertwingly 2 Planet, Planet Venus 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.
CVE-2008-5205 1 Wellyblog 1 Wellyblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action.
CVE-2008-2421 1 Sap 2 Sap Web Application Server, Web Dynpro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
CVE-2009-1849 1 Paessler 2 Prtg Traffic Grapher, Prtg Traffic Grapher6.0.5.416 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-1604 1 Perlmailer 1 Perlmailer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-5799 1 Typo3 2 Typo3, Wir Ber Uns Extension 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3394 1 Infomining 1 Bookmine 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters.
CVE-2009-2739 1 Freenas 1 Freenas 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-1753 1 Alkacon 1 Opencms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.