Search Results (46006 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3056 1 Websvn 1 Websvn 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2007-3064 1 Mealex 1 My Datebook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter.
CVE-2008-4591 1 Phpwebgallery 1 Phpwebgallery 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.
CVE-2008-4184 1 Webcms 1 Webcms Portal Edition 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5211 1 Sphider 1 Sphider 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.
CVE-2007-5161 1 I-systems Inc. 1 Feedreader 2026-04-23 N/A
Cross-zone scripting vulnerability in the internal browser in i-Systems Feedreader 3.10 allows remote attackers to inject arbitrary web script or HTML via an item in a feed, as demonstrated by a WordPress blog update. NOTE: this was originally reported as XSS.
CVE-2009-4542 1 Isolsoft 1 Support Center 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2009-4316 1 Zeeways 1 Zeelyrics 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in searchresults_main.php in ZeeLyrics 3x allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0438 1 Novemberborn 1 Sifr 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.
CVE-2006-7195 2 Apache, Redhat 5 Tomcat, Enterprise Linux, Network Satellite and 2 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
CVE-2009-4159 2 Ivan Kartolo, Typo3 2 Direct Mail, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4266 1 Yabsoft 1 Advanced Image Hosting Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.
CVE-2009-4253 1 Phpee 1 Pphlogger 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter.
CVE-2009-4255 2 Joomla, Youjoomla 2 Joomla\!, You\!hostit\! 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php.
CVE-2009-4239 1 Ibm 1 Infosphere Information Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4318 1 Realestatephp 1 Real Estate Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4416 1 Phpgroupware 1 Phpgroupware 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.
CVE-2006-5486 1 Sun 2 Iplanet Messaging Server, Java System Messaging Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages.
CVE-2008-1045 1 Alkacon 1 Opencms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.
CVE-2008-1025 1 Apple 2 Safari, Webkit 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.