Total
44973 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4983 | 1 Snowhall | 1 Silurus System | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php. | |||||
| CVE-2009-4980 | 1 Keil-software | 1 Photokorn Gallery | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php. | |||||
| CVE-2009-4976 | 2 Kde, Urs Wolfer | 2 Konqueror, Kwebkitpart | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | |||||
| CVE-2009-4975 | 1 Nokia | 1 Qtdemobrowser | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | |||||
| CVE-2009-4972 | 1 Kelvin Mo | 1 Simpleid | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2009-4963 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2026-06-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4956 | 2 Typo3, Wapplersystems | 2 Typo3, Ws Stats | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4953 | 2 Stefan Geith, Typo3 | 2 Sg Userdata, Typo3 | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4948 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4944 | 1 Atutor | 1 Acollab | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4941 | 1 Atutor | 1 Acollab | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. | |||||
| CVE-2009-4939 | 1 Impactsoftcompany | 1 Adpeeps | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action. | |||||
| CVE-2009-4937 | 1 Spirate | 1 Small Pirate | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag. | |||||
| CVE-2009-4934 | 1 Esoftpro | 1 Online Photo Pro | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | |||||
| CVE-2009-4930 | 1 Sungard | 1 Banner Student | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field. | |||||
| CVE-2009-4926 | 1 Esoftpro | 1 Online Contact Manager | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php. | |||||
| CVE-2009-4924 | 1 Dan Pascu | 1 Python-cjson | 2026-06-16 | 4.3 MEDIUM | N/A |
| Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element. | |||||
| CVE-2009-4910 | 1 Cisco | 1 Asa 5580 | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418. | |||||
| CVE-2009-4908 | 1 Dootzky | 1 Oblog | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php. | |||||
| CVE-2009-4903 | 1 Dootzky | 1 Oblog | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
