Search Results (46006 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1063 1 Xoops 1 Xm-memberstats 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
CVE-2008-1048 1 Plume-cms 1 Plume Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
CVE-2008-1041 1 Matts Whois 1 Matts Whois 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
CVE-2009-4570 1 Phpshop 1 Phpshop 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI.
CVE-2008-3622 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."
CVE-2008-2213 1 Maianscriptworld 1 Maian Links 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.
CVE-2008-6343 1 Typo3 2 Tu-clausthal Odin, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-0699 1 Plunet 1 Business Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.
CVE-2007-5072 1 Alexander Palmo 1 Simple Php Blog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog) before 0.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via certain user_colors array parameters to certain user_style.php files under themes/, as demonstrated by the user_colors[bg_color] parameter.
CVE-2008-3935 1 D-ic 2 Shop V50, Shop V52 2026-04-23 6.1 Medium
Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6450 1 Under Construction Baby 1 Pc2m 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2009-0660 1 Mahara 1 Mahara 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.
CVE-2006-6687 1 Web-app.net 1 Webapp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6448 1 Skyarc 1 Mtcms Wysiwyg Editor 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-6733 1 Osticket 1 Osticket Sts 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter.
CVE-2006-6734 1 Obie Website 1 Mini Web Shop 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
CVE-2008-6515 1 Vclcomponents 1 Yappa-ng 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
CVE-2007-5059 1 Greensql 1 Greensql 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified "url value," leading to storage of XSS sequences in the database and display of these sequences in the alert section of the admin panel.
CVE-2009-0500 1 Moodle 1 Moodle 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
CVE-2008-6609 1 Ott 1 Phpcksec 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.