Search Results (46006 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0669 1 Sift 1 Unity 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6306 2 Jfree, Redhat 4 Jfreechart, Jboss Enterprise Application Platform, Network Satellite and 1 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.
CVE-2007-6308 1 Httplogger 1 Httplogger 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6312 1 Websense 3 Enterpise, Reporting Tools, Web Security Suite 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2008-6431 1 Bmforum 1 Bmforum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php.
CVE-2008-5202 1 Otmanager 1 Otmanager Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter.
CVE-2007-3405 1 Lebisoft 1 Lebisoft Zdefter 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ad and (2) konu parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3023 2 Fswiki, Microsoft 2 Freestyle Wiki, Internet Explorer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799.
CVE-2009-4525 2 Drupal, Joao Ventura 2 Drupal, Print 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links.
CVE-2009-4524 2 Drupal, Nancy Wichmann 2 Drupal, Realname 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
CVE-2009-4523 1 Zainu 1 Zainu 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action.
CVE-2009-4521 1 Eclipse 1 Birt 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
CVE-2009-4516 2 Drupal, Nanwich 2 Drupal, Faq Ask 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4513 2 Drupal, John Vandyk 2 Drupal, Workflow 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state.
CVE-2009-4429 2 Alexander Hass, Drupal 2 Sections Module, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
CVE-2009-4381 1 Texmedia 1 Million Pixel Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3448 1 Bugmall 1 Shopping Cart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.
CVE-2009-4369 1 Drupal 1 Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.
CVE-2009-4366 1 Scriptsez 1 Ez Blog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
CVE-2006-5530 1 Boesch It-consulting 1 Simpnews 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.