Total
43407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2581 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Services, Windows 2003 | 2026-04-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. | |||||
| CVE-2008-2048 | 1 Aspindir | 1 Angelo-emlak | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. | |||||
| CVE-2008-2788 | 1 Opendocman | 1 Opendocman | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | |||||
| CVE-2008-1213 | 2 Linux, Numara | 2 Linux Kernel, Footprints | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2756 | 1 Xigla | 1 Absolute Control Panel Xe | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2442 | 1 Linea21 | 1 Linea21 | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action. | |||||
| CVE-2009-3157 | 2 Drupal, Karen Stevenson | 2 Drupal, Calendar | 2026-04-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. | |||||
| CVE-2008-1204 | 1 Sun | 1 Java System Access Manager | 2026-04-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. | |||||
| CVE-2009-0860 | 1 Netcordia | 1 Netmri | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages. | |||||
| CVE-2007-5649 | 1 Socketmail | 1 Socketmail | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter. | |||||
| CVE-2008-2646 | 1 Mebiblio | 1 Mebiblio | 2026-04-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php. | |||||
| CVE-2008-6343 | 1 Typo3 | 2 Tu-clausthal Odin, Typo3 | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2168 | 1 Apache | 1 Http Server | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page. | |||||
| CVE-2008-6698 | 2 Michael Fritz, Typo3 | 2 Worldcup, Typo3 | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2009-1162 | 1 Cisco | 2 Ironport Asyncos, Ironport Email Security Appliances | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter. | |||||
| CVE-2007-2524 | 1 Otrs | 1 Otrs | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841. | |||||
| CVE-2008-2852 | 1 Nathan Neulinger | 1 Cgiwrap | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set the charset in error messages. | |||||
| CVE-2009-4250 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2026-04-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled. | |||||
| CVE-2007-6287 | 1 Lxlabs | 1 Hypervm | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3596 | 1 Harmoni | 1 Harmoni | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator. | |||||