Export limit exceeded: 363299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47131 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47131 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1482 2 Moinmo, Moinmoin 2 Moinmoin, Moinmoin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
CVE-2008-4370 1 Availscript 1 Availscript Photo Album 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.
CVE-2008-4372 1 Availscript 1 Availscript Article Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.
CVE-2008-4393 1 Verisign 1 Kontiki Delivery Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac.
CVE-2008-5026 1 Microsoft 1 Sharepoint Server 2026-04-23 N/A
Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.
CVE-2008-5039 2 Php-nuke, Phpnuke 2 League Module, Php-nuke 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
CVE-2008-5056 1 Activecampaign 1 Triolive 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php.
CVE-2008-5093 1 Novell 1 Edirectory 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-5080 1 Awstats 1 Awstats 2026-04-23 N/A
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.
CVE-2008-5098 1 Sun 1 Java System Messaging Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904.
CVE-2008-5114 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-5119 1 Scripts4profit 1 Dxshopcart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2008-5203 1 Poweraward 1 Poweraward 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.
CVE-2009-1501 2 Drupal, Exif 2 Drupal, Exif 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.
CVE-2008-3730 1 Nordicwind 2 Noah, Nordicwind Document Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3735 1 Phpizabi 1 Phpizabi 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action.
CVE-2008-3739 2 Spacetag, System Consultants 2 Lacoodast, La Cooda Wiz 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences.
CVE-2008-3740 1 Drupal 1 Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3781 1 Gmod 1 Gbrowse 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3782 1 Discountedscripts 1 Acg Ptp 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in ACG-PTP 1.0.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Category name field under Advertisement Packages, the (2) Reason field under Credit/Debit Users, and the (3) FAQ question and (4) FAQ answer fields under Add New FAQ Entry.