Export limit exceeded: 14744 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 47128 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2914 | 1 Xzeroscripts | 1 Xzero Community Classifieds | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2919 | 1 Boonex | 1 Orca | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. | ||||
| CVE-2009-2940 | 2 Pygresql, Python | 2 Pygresql, Python | 2026-04-23 | N/A |
| The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | ||||
| CVE-2009-2959 | 1 Buildbot | 1 Buildbot | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2947 | 1 Xapian | 1 Omega | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages. | ||||
| CVE-2009-3009 | 1 Rubyonrails | 1 Rails | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. | ||||
| CVE-2009-3012 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2009-3013 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2009-3014 | 1 Mozilla | 3 Firefox, Mozilla, Seamonkey | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header. | ||||
| CVE-2009-3016 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | ||||
| CVE-2009-3018 | 1 Maxthon | 1 Maxthon Browser | 2026-04-23 | N/A |
| Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header. | ||||
| CVE-2009-3021 | 2 Geeklog, Yoshinori Tahara | 2 Geeklog, Mycaljp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3029 | 1 Symantec | 1 Securityexpressions Audit And Compliance Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages. | ||||
| CVE-2009-3030 | 1 Symantec | 1 Securityexpressions Audit And Compliance Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue." | ||||
| CVE-2009-3562 | 1 Xerver | 1 Xerver | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action. | ||||
| CVE-2009-3565 | 1 Mcafee | 1 Intrushield Network Security Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter. | ||||
| CVE-2009-3566 | 1 Mcafee | 1 Intrushield Network Security Manager | 2026-04-23 | N/A |
| McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2009-3579 | 1 Mortbay | 1 Jetty | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/. | ||||
| CVE-2009-3594 | 1 Blob | 1 Blog System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter. | ||||
| CVE-2009-3592 | 1 Qtmsoft | 1 X-cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823. | ||||