Vulnerabilities (CVE)

Filtered by CWE-79
Total 45032 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4559 2 Drupal, Nanwich 2 Drupal, Submitted By 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" text.
CVE-2009-4557 2 Drupal, Unleashedmind 2 Drupal, Img Assist 2026-06-16 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title.
CVE-2009-4554 1 Snitz Communications 1 Snitz Forums 2000 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.
CVE-2009-4552 1 Intesync 1 Miniweb 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2009-4548 1 Viart 1 Viart Helpdesk 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
CVE-2009-4547 1 Viart 1 Viart Cms 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.
CVE-2009-4544 1 Cromosoft 1 Facil Helpdesk 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-4542 1 Isolsoft 1 Support Center 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2009-4539 1 Sqlitemanager 1 Sqlitemanager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
CVE-2009-4532 2 Drupal, Nathan Haug 2 Drupal, Webform 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.
CVE-2009-4525 2 Drupal, Joao Ventura 2 Drupal, Print 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links.
CVE-2009-4524 2 Drupal, Nancy Wichmann 2 Drupal, Realname 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
CVE-2009-4523 1 Zainu 1 Zainu 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action.
CVE-2009-4522 1 Bloofox 1 Bloofoxcms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-4521 1 Eclipse 1 Birt 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
CVE-2009-4518 2 Drupal, Mark Burton 2 Drupal, Insertnode 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.
CVE-2009-4516 2 Drupal, Nanwich 2 Drupal, Faq Ask 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4514 2 Astha Bhatnagar, Drupal 2 Shindigintegrator, Drupal 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4513 2 Drupal, John Vandyk 2 Drupal, Workflow 2026-06-16 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state.
CVE-2009-4505 1 Alkacon 2 Oamp Comments, Opencms 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.