Vulnerabilities (CVE)

Filtered by CWE-79
Total 45130 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3648 2 Apsivam, Drupal 2 Service Links, Drupal 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names.
CVE-2009-3647 1 Yabsoft 1 Mega File Hosting Script 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3636 1 Typo3 1 Typo3 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2009-3634 1 Typo3 1 Typo3 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2009-3629 1 Typo3 1 Typo3 2026-06-16 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3618 1 Viewvc 1 Viewvc 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3601 1 Scriptsez 1 Ultimate Poll 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action.
CVE-2009-3599 1 Freewebscriptz 1 Hubscript 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attackers to inject arbitrary web script or HTML via the bid_id parameter.
CVE-2009-3598 1 Ecardmax.com 1 Formxp 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2009-3594 1 Blob 1 Blog System 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
CVE-2009-3593 1 Freewebscriptz 1 Freelancers 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to placebid.php and (2) jobid parameter to post_resume.php.
CVE-2009-3592 1 Qtmsoft 1 X-cart 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823.
CVE-2009-3581 1 Sql-ledger 1 Sql-ledger 2026-06-16 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor.
CVE-2009-3579 1 Mortbay 1 Jetty 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
CVE-2009-3567 1 Kayako 2 Esupport, Supportsuite 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
CVE-2009-3566 1 Mcafee 1 Intrushield Network Security Manager 2026-06-16 4.3 MEDIUM N/A
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
CVE-2009-3565 1 Mcafee 1 Intrushield Network Security Manager 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
CVE-2009-3562 1 Xerver 1 Xerver 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
CVE-2009-3540 1 Yourfreeworld 1 Ultra Classifieds Pro 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3539 1 Yourfreeworld 1 Ultra Classifieds Pro 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.