Total
45130 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3435 | 2 Drupal, Moshe Weitzman | 2 Drupal, Devel | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name. | |||||
| CVE-2009-3427 | 1 Kayako | 1 Supportsuite | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket. | |||||
| CVE-2009-3420 | 1 Intesync | 1 Miniweb | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO. | |||||
| CVE-2009-3368 | 2 Joomla, Joomlahbs | 2 Joomla\!, Com Hbssearch | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php. | |||||
| CVE-2009-3367 | 1 Plohni | 1 An Image Gallery | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3363 | 2 Drupal, Ufku Bayburt | 2 Drupal, Bueditor | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor." | |||||
| CVE-2009-3360 | 1 Datemill | 1 Datemill | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php. | |||||
| CVE-2009-3359 | 1 Datetopia | 1 Match Agency Biz | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php. | |||||
| CVE-2009-3355 | 1 Datetopia | 1 Buy Dating Site | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter. | |||||
| CVE-2009-3348 | 1 Datavore | 1 Gyro | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component. | |||||
| CVE-2009-3328 | 1 Webilix | 1 Wx-guestbook | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3320 | 1 Zenas | 1 Paolink | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2009-3311 | 1 Rssmediascript | 1 Rssmediascript | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2009-3303 | 1 Gforge | 1 Gforge | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter. | |||||
| CVE-2009-3300 | 1 Internet2 | 2 Identity Provider, Service Provider | 2026-06-16 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. | |||||
| CVE-2009-3299 | 1 Mahara | 1 Mahara | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3283 | 1 Phpspot | 6 Php \& Css Bbs, Php Bbs, Php Bbs Ce and 3 more | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies. | |||||
| CVE-2009-3266 | 1 Opera | 1 Opera Browser | 2026-06-16 | 4.3 MEDIUM | N/A |
| Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." | |||||
| CVE-2009-3265 | 1 Opera | 1 Opera Browser | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. | |||||
| CVE-2009-3263 | 1 Google | 1 Chrome | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content." | |||||
