Search Results (83779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2211 1 Maianscriptworld 1 Maian Guestbook 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.
CVE-2009-1091 1 Rapidleech 1 Rapidleech 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to inject arbitrary web script or HTML via the uploaded parameter.
CVE-2008-6925 1 Zenphoto 1 Zenphoto 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3105 1 Ibm 1 Domino Web Access 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
CVE-2008-3824 2 Horde, Popoon 2 Horde, Popoon 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
CVE-2008-6924 1 Intelliants 1 Esyndicat 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters.
CVE-2007-4882 1 Techexcel Inc. 1 Customerwise 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TechExcel CustomerWise (formerly TechExcel CRM) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-0248 1 Katywhitton 1 Rankem 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
CVE-2009-0860 1 Netcordia 1 Netmri 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages.
CVE-2009-2581 1 Editeurscripts 1 Esnews 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScripts EsNews 1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2008-6127 1 Mozilo 1 Mozilocms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.
CVE-2007-1723 1 Ciphertrust 1 Ironmail 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do.
CVE-2009-1081 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661.
CVE-2008-3739 2 Spacetag, System Consultants 2 Lacoodast, La Cooda Wiz 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences.
CVE-2008-2773 1 Drupal 1 Taxonomy Image Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6130 1 Mozilo 1 Mozilowiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.
CVE-2008-5323 1 Easy-script 1 Wysi Wiki Wyg 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2008-3730 1 Nordicwind 2 Noah, Nordicwind Document Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-0200 1 Medialand 1 Rotabanner Local 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter.
CVE-2008-4872 1 Itechscripts 1 Itechbids 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.