Search Results (46006 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0472 1 Rockwellautomation 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4371 1 Drupal 1 Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.
CVE-2008-3237 1 Itechscripts 1 Itechbids 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.
CVE-2009-4169 2 Roytanck, Wordpress 2 Wp-cumulus, Wordpress 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4168 2 Roytanck, Wordpress 2 Wp-cumulus, Wordpress 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter.
CVE-2008-5814 2 Php, Redhat 2 Php, Enterprise Linux 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
CVE-2007-5218 1 Don Barnes 1 Drbguestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2008-4733 2 Pressography, Wordpress 2 Wp Comment Remix Plugin, Wordpress 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters.
CVE-2009-3652 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.
CVE-2009-3435 2 Drupal, Moshe Weitzman 2 Drupal, Devel 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.
CVE-2008-5026 1 Microsoft 1 Sharepoint Server 2026-04-23 N/A
Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.
CVE-2008-4079 1 Six Apart 1 Movable Type 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4488 1 Atarone 1 Atarone 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4513 1 Phorum 1 Phorum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.
CVE-2009-2009 1 Dokeos 1 Dokeos 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.
CVE-2008-7150 2 Ber Kessels, Drupal 2 Refine By Taxo, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags.
CVE-2008-5095 1 Novell 2 Identity Manager Roles Based Provisioning Module, User Application 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2009-1557 1 Cisco 1 Wvc54gca 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.
CVE-2008-4928 1 Mybb 1 Mybb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.
CVE-2008-4909 1 Compact Cms 1 Compact Cms 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors.