Total
45130 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3648 | 2 Apsivam, Drupal | 2 Service Links, Drupal | 2026-06-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names. | |||||
| CVE-2009-3647 | 1 Yabsoft | 1 Mega File Hosting Script | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3636 | 1 Typo3 | 1 Typo3 | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2009-3634 | 1 Typo3 | 1 Typo3 | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2009-3629 | 1 Typo3 | 1 Typo3 | 2026-06-16 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3618 | 1 Viewvc | 1 Viewvc | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3601 | 1 Scriptsez | 1 Ultimate Poll | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action. | |||||
| CVE-2009-3599 | 1 Freewebscriptz | 1 Hubscript | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attackers to inject arbitrary web script or HTML via the bid_id parameter. | |||||
| CVE-2009-3598 | 1 Ecardmax.com | 1 Formxp | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2009-3594 | 1 Blob | 1 Blog System | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter. | |||||
| CVE-2009-3593 | 1 Freewebscriptz | 1 Freelancers | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to placebid.php and (2) jobid parameter to post_resume.php. | |||||
| CVE-2009-3592 | 1 Qtmsoft | 1 X-cart | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823. | |||||
| CVE-2009-3581 | 1 Sql-ledger | 1 Sql-ledger | 2026-06-16 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor. | |||||
| CVE-2009-3579 | 1 Mortbay | 1 Jetty | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/. | |||||
| CVE-2009-3567 | 1 Kayako | 2 Esupport, Supportsuite | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145. | |||||
| CVE-2009-3566 | 1 Mcafee | 1 Intrushield Network Security Manager | 2026-06-16 | 4.3 MEDIUM | N/A |
| McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2009-3565 | 1 Mcafee | 1 Intrushield Network Security Manager | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter. | |||||
| CVE-2009-3562 | 1 Xerver | 1 Xerver | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action. | |||||
| CVE-2009-3540 | 1 Yourfreeworld | 1 Ultra Classifieds Pro | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3539 | 1 Yourfreeworld | 1 Ultra Classifieds Pro | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php. | |||||
