Search Results (46006 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6385 1 W3matter 1 Revsense 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
CVE-2009-4152 1 Ibm 1 Websphere Portal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag.
CVE-2008-4079 1 Six Apart 1 Movable Type 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4164 2 Simple Glossar, Typo3 2 Simple Glossar, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6428 1 Kayalang 1 Kaya 2026-04-23 N/A
The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2008-4083 1 Brim-project 1 Brim 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-0761 1 Team5.team Board 6 1.0, 1.0.1, 1.0.2 and 3 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter.
CVE-2009-4187 1 Sun 2 Java System Portal Server, Solaris 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-7147 1 Intralearn 1 Intralearn 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/description_link.cfm, or the (3) records_to_display and (4) the_start parameters to library/courses_catalog.cfm.
CVE-2009-4320 1 Lythgoes 1 The Next Generation Of Genealogy Sitebuilding 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in searchform.php in The Next Generation of Genealogy Sitebuilding (TNG) 7.1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2009-1776 1 Matt Wright 1 Formmail 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.
CVE-2008-6404 1 Extrosoft 1 Thyme 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2009-4336 2 Simon Rundell, Typo3 2 Pd Calendar Today, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5227 1 Blackboard 1 Blackboard Learning And Community Post Systems 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. NOTE: vector 2 requires bypassing a client-side security mechanism that attempts to block XSS sequences.
CVE-2008-7133 1 Onlinetools 1 Easyimagecatalogue 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4340 2 Mischa Heissmann, Typo3 2 No Indexed Search, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3057 1 Aom-software 1 Beex 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.
CVE-2008-3843 1 Microsoft 5 .net Framework, Windows-nt, Windows 2000 and 2 more 2026-04-23 N/A
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
CVE-2009-1451 1 Bluevirus-design 1 Sma-db 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2008-1538 1 Manageengine 1 Eventlog Analyzer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Fixed in EventLog Analyzer 10.0 Build 10000.