Search Results (46006 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1941 1 Akiva 1 Webboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the profile update feature in Akiva WebBoard 8.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0487 1 Mahara 1 Mahara 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.
CVE-2009-0467 1 Armorlogic 1 Profense Web Application Firewall 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.
CVE-2007-6569 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
CVE-2007-6588 1 Phpcredo 1 Phcdownload 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4350 1 Hp 1 Sitescope 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.
CVE-2009-0378 1 Joomla 2 Com Beamospetition, Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
CVE-2008-1953 1 Magnolia 1 Site Designer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1955 1 Toocharger 1 Myboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. information.
CVE-2008-1967 1 Cezannesw 1 Cezanne 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter.
CVE-2008-0197 1 Wordpress 1 Wp-contactform 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element.
CVE-2008-1969 1 Cezannesw 1 Cezanne 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/PayrollCard.asp, and the (10) FolderTemplateId and (11) FolderTemplateName parameters to (f) PeopleWeb/CznDocFolder/CznDFStartProcess.asp.
CVE-2009-0359 1 Nongnu 1 Samizdat 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.
CVE-2007-6136 1 M2scripts 1 My Space Scripts Poll Creator 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information.
CVE-2007-6141 1 Vbtube 1 Vbtube 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2008-1978 1 Drupal 2 Drupal, Ubercart Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
CVE-2008-2011 1 National Rail Enquiries 1 National Rail Enquiries Live Departure Boards 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI.
CVE-2007-6157 1 Simplegallery 1 Simplegallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
CVE-2008-0146 1 Hughes Technologies 1 W3-msql 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI.
CVE-2009-3010 1 Mozilla 3 Firefox, Mozilla, Seamonkey 2026-04-23 N/A
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.