Total
43375 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6978 | 1 Fckeditor | 1 Fckeditor | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag. | |||||
| CVE-2008-5720 | 1 Seasar | 1 Mayaa | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions. | |||||
| CVE-2009-3745 | 1 Ibm | 1 Rational Appscan | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2007-6100 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. | |||||
| CVE-2008-5026 | 1 Microsoft | 1 Sharepoint Server | 2026-04-23 | 3.5 LOW | N/A |
| Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents. | |||||
| CVE-2008-2212 | 1 Maianscriptworld | 1 Maian Cart | 2026-04-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to admin/inc/header.php; the (5) msg_script3 and unspecified other parameters to admin/inc/footer.php; and the (6) keywords parameter to index.php in a search action. | |||||
| CVE-2007-5280 | 1 Appfuse | 1 Appfuse | 2026-04-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages. | |||||
| CVE-2008-6299 | 1 Joomla | 1 Joomla | 2026-04-23 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." | |||||
| CVE-2008-3367 | 1 Webwizguide | 1 Web Wiz Rich Text Editor | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2008-3379 | 1 Snarky | 1 Visualpic | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2302 | 1 Avatic | 1 Aardvark Topsites Php | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected. | |||||
| CVE-2008-0292 | 1 Dansie | 1 Photo Album | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2032 | 1 Pagedowntech | 1 Pdshoppro | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2008-3841 | 1 Openfreeway | 1 Freeway | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter. | |||||
| CVE-2007-5411 | 1 Linksys | 1 Spa941 | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message. | |||||
| CVE-2009-3651 | 2 Drupal, Mikeryan | 2 Drupal, Browscap | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2008-6215 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter. | |||||
| CVE-2007-3694 | 1 Getmiro | 1 Broadcast Machine | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2008-4536 | 1 Ec-cube | 1 Ec-cube | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537. | |||||
| CVE-2008-5760 | 1 Kerio | 1 Kerio Mailserver | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. | |||||