Search Results (47107 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1448 1 Lovpop 1 Apricot 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2009-1457 1 Evolution-extreme 1 Nuke Evolution Xtreme 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in player.php in Nuke Evolution Xtreme 2.x allows remote attackers to inject arbitrary web script or HTML via the defaultVisualExt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2914 1 Xzeroscripts 1 Xzero Community Classifieds 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1451 1 Bluevirus-design 1 Sma-db 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-1458 1 Razorcms 1 Razorcms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action.
CVE-2008-3923 1 Hans Oesterholt 1 Cmme 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
CVE-2008-3937 1 Opendb 1 Opendb 2026-04-23 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
CVE-2008-3941 1 Bizdirectory 1 Bizdirectory 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.
CVE-2008-3968 1 Punbb 1 Punbb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVE-2009-2893 1 Xzeroscripts 1 Xzero Community Classifieds 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
CVE-2009-2890 1 Phpscriptsnow 1 Riddles 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
CVE-2009-2889 1 Phpscriptsnow 1 Hangman 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
CVE-2008-4051 1 Jandus Technologies 1 Smart Survey 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4056 1 Matterdaddy 1 Matterdaddy Market 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4066 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."
CVE-2008-4089 1 Myphpnuke 1 Myphpnuke 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2009-2887 1 Phpscriptsnow 1 President Bios 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
CVE-2009-2823 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
CVE-2008-4118 1 High Norm 1 Sound Master 2nd 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4119 2 Broadcom, Ca 2 Service Desk, Cmdb 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."