Total
43375 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3694 | 1 Getmiro | 1 Broadcast Machine | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2008-4536 | 1 Ec-cube | 1 Ec-cube | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537. | |||||
| CVE-2008-5760 | 1 Kerio | 1 Kerio Mailserver | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5879 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors. | |||||
| CVE-2008-4818 | 1 Adobe | 1 Flash Player | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers. | |||||
| CVE-2009-1934 | 1 Sun | 2 Java System Web Server, One Web Server | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error. | |||||
| CVE-2009-1081 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661. | |||||
| CVE-2008-1536 | 1 Picturespro | 1 Picturespro Photo Cart | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows remote attackers to inject arbitrary web script or HTML via the amessage parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1229 | 1 Nullsoft | 1 Shoutcast Server | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. | |||||
| CVE-2008-0400 | 2 Modern, Singapore | 2 Modern, Singapore | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php. | |||||
| CVE-2009-3013 | 1 Opera | 1 Opera Browser | 2026-04-23 | 4.3 MEDIUM | N/A |
| Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | |||||
| CVE-2008-2414 | 1 Aguestbook | 1 An Guestbook | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter. | |||||
| CVE-2007-6162 | 1 Wsdeluxe | 1 Fmdeluxe | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action. | |||||
| CVE-2009-4616 | 1 Myrephp | 1 Myre Holiday Rental Manager | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter. | |||||
| CVE-2008-0208 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter. | |||||
| CVE-2009-2928 | 1 Tgs-cms | 1 Tgs Content Management | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839. | |||||
| CVE-2008-0496 | 1 Ampjuke | 1 Ampjuke | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action. | |||||
| CVE-2007-4557 | 1 Novell | 1 Groupwise Webaccess | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2. | |||||
| CVE-2009-3786 | 2 Drupal, Moshe Weitzman | 2 Drupal, Og Vocab | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. | |||||
| CVE-2007-0275 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2026-04-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. | |||||