Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 43411 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5724 1 Omnistar Interactive 1 Omnistar Live 2026-04-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php.
CVE-2008-1481 1 Webspell 1 Webspell 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2772 1 Realtysoft 1 Pg Roomate Finder Solution 2026-04-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
CVE-2007-4592 1 Ibm 1 Rational Clearquest 2026-04-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.
CVE-2009-2373 1 Drupal 1 Drupal 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0327 2 Julian Kleinhans, Typo3 2 Kj Imagelightbox2, Typo3 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490.
CVE-2007-2206 1 Ripe Website Manager 1 Ripe Website Manager 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter.
CVE-2008-1947 1 Apache 1 Tomcat 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
CVE-2007-1145 1 Kayako 1 Esupport 2026-04-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.
CVE-2008-2103 1 Mozilla 1 Bugzilla 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
CVE-2009-1809 1 Collector 1 Mycolex 2026-04-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php.
CVE-2008-5061 1 Smolinari 1 Mini Web Calendar 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2008-2496 1 Quate 1 Quate Cms 2026-04-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php.
CVE-2009-4318 1 Realestatephp 1 Real Estate Manager 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-1906 1 Cpcommerce 1 Cpcommerce 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.
CVE-2009-0594 1 Apmuthu 1 Phpskelsite 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2008-4140 1 Opensolution 1 Quick.cart 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-2987 1 Benjacms 1 Benja Cms 2026-04-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
CVE-2007-5179 1 Y\&k Iletisim Formu 1 Y\&k Iletisim Formu 2026-04-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2380 1 4homepages 1 4images 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.