Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3262 1 Ibm 1 Tivoli Identity Manager 2009-09-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.
CVE-2009-3256 1 Livestreet 1 Livestreet 2009-09-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.
CVE-2009-3260 1 Livestreet 1 Livestreet 2009-09-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.
CVE-2009-2937 1 Intertwingly 2 Planet, Planet Venus 2009-09-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.
CVE-2009-3240 2 Ohwada, Xoops 2 Xf-section, Xoops 2009-09-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3227 1 Almondsoft 2 Affiliate Network Classifieds, Almond Classifieds 2009-09-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to inject arbitrary web script or HTML via the city parameter in a search action. NOTE: some of these details are obtained from third party information.
CVE-2009-3225 1 Almondsoft 1 Almond Classifieds 2009-09-17 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3198 1 Jce-tech 1 Affiliate Master Datafeed Parser 2009-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-3197 1 Jce-tech 1 Php Calendars Script 2009-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-3196 1 Jce-tech 1 Php Video Script 2009-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.
CVE-2009-3195 1 Jce-tech 1 Auction Rss Content Script 2009-09-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.
CVE-2009-3187 1 Standalonearcade 1 Saa 2009-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2009-3194 1 Jce-tech 1 Searchfeed Script 2009-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-3189 1 Digioz 1 Digioz Guestbook 2009-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.
CVE-2009-3186 1 Videogirls 1 Videogirls Biz 2009-09-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.
CVE-2007-6729 1 Zyxel 1 P-330w Router 2009-09-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors.
CVE-2008-0131 1 Instantsoftwares 1 Dating Site 2009-09-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-7223 1 Linpha 1 Linpha 2009-09-15 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
CVE-2009-3021 2 Geeklog, Yoshinori Tahara 2 Geeklog, Mycaljp 2009-09-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3157 2 Drupal, Karen Stevenson 2 Drupal, Calendar 2009-09-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
CVE-2008-7202 1 Openwebmail.acatysmoof 1 Openwebmail 2009-09-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2009-3162 1 Multi-website 1 Multi Website 2009-09-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
CVE-2009-3147 1 Allenthusiast 1 Reviewpost Php Pro 2009-09-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter.
CVE-2009-3120 1 Bigace 1 Bigace 2009-09-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3066 1 Propertywatchscript 1 Property Watch 2009-09-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.
CVE-2009-3060 1 Allpublication 1 Jboard 2009-09-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script.
CVE-2009-3057 1 Aom-software 1 Beex 2009-09-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.
CVE-2009-3067 1 Webformatique 1 Reservation Manager 2009-09-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter.
CVE-2008-7147 1 Intralearn 1 Intralearn 2009-09-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/description_link.cfm, or the (3) records_to_display and (4) the_start parameters to library/courses_catalog.cfm.
CVE-2009-2739 1 Freenas 1 Freenas 2009-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-1485 1 Punbb 1 Punbb 2009-09-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.
CVE-2009-3012 1 Mozilla 1 Firefox 2009-09-01 4.3 MEDIUM N/A
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site.
CVE-2008-7121 1 Mrcgiguy 1 Hot Links Sql-php 2009-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar.
CVE-2009-1875 1 Adobe 1 Coldfusion 2009-08-26 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.
CVE-2009-1877 1 Adobe 1 Coldfusion 2009-08-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.
CVE-2009-2959 1 Buildbot 1 Buildbot 2009-08-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-0749 1 Calimero.cms 1 Calimero.cms 2009-08-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.
CVE-2009-2913 1 Xzeroscripts 1 Xzero Community Classifieds 2009-08-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2424 1 Clone2009 1 Ebay Clone 2009-08-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CVE-2009-2226 1 Php.s3 1 Tree Bbs 2009-08-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2882 1 Datingpro 1 Matchmaking 2009-08-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
CVE-2009-2893 1 Xzeroscripts 1 Xzero Community Classifieds 2009-08-20 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
CVE-2009-2738 1 Freenas 1 Freenas 2009-08-18 4.3 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
CVE-2009-2771 1 Freearcadescript 1 Free Arcade Script 2009-08-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/.
CVE-2008-6105 1 Ibm 2 Workplace For Business Controls And Reporting, Workplace Web Content Management 2009-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2009-2492 3 Six Apart, Six Apart Ltd, Sixapart 3 Movable Type, Movable Type, Movable Type 2009-08-07 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.
CVE-2009-2284 1 Phpmyadmin 1 Phpmyadmin 2009-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
CVE-2009-2316 1 Ibm 1 Tivoli Identity Manager 2009-08-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.
CVE-2008-6885 1 Xoops 1 Xoops 2009-08-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message.
CVE-2008-6879 1 Apache 1 Roller 2009-07-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.