Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-5214 1 Clanlite 1 Clanlite 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.
CVE-2008-5059 1 Modernbill 1 Modernbill 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action.
CVE-2008-5487 1 Turnkeyforms 1 Text Link Sales 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-5290 1 Scripts4you 1 Clean Cms 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-5323 1 Easy-script 1 Wysi Wiki Wyg 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2008-4888 1 Netrisk 1 Netrisk 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-4774 1 Questwork 1 Questcms 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.
CVE-2008-4756 1 Php-daily 1 Php-daily 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.
CVE-2008-4333 1 Cannot 1 Php Infoboard 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action.
CVE-2008-4336 1 Constantin Charissis 1 Atomic Photo Album 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.
CVE-2008-5338 1 Multimania 2 Bandsite Portal System, Bandwebsite 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
CVE-2008-4370 1 Availscript 1 Availscript Photo Album 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.
CVE-2008-4372 1 Availscript 1 Availscript Article Script 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.
CVE-2008-4591 1 Phpwebgallery 1 Phpwebgallery 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.
CVE-2008-4426 1 Phlatline 1 Personal Information Manager 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
CVE-2008-2379 1 Squirrelmail 1 Squirrelmail 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
CVE-2008-2335 1 Vastal 1 Phpvid 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
CVE-2008-2295 1 Rgboard 1 Rgboard 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and other unspecified vectors.
CVE-2008-2979 1 Ourvideo Cms 1 Ourvideo Cms 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters.
CVE-2008-2980 1 Homeph Design 1 Homeph Design 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.
CVE-2008-2965 1 Jaxbot 1 Jaxultrabb 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
CVE-2008-2962 1 Myblog 1 Myblog 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php.
CVE-2008-2842 1 Doitlive 1 Cms 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.
CVE-2008-2973 1 Mm Chat 1 Mm Chat 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
CVE-2008-2839 1 Traindepot 1 Traindepot 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php.
CVE-2008-3331 1 Mantis 1 Mantis 2017-09-29 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
CVE-2008-3923 1 Hans Oesterholt 1 Cmme 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
CVE-2008-3771 1 Pars4u 1 Videosharing 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.
CVE-2008-2929 2 Fedora, Redhat 2 Directory Server, Directory Server 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
CVE-2008-3779 1 Review-script 1 Five Star Review Script 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.
CVE-2008-2984 1 Cmreams 1 Cmreams Cms 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter.
CVE-2008-3237 1 Itechscripts 1 Itechbids 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.
CVE-2008-2181 1 Cplinks 1 Cplinks 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtained from third party information.
CVE-2008-2997 1 Gravityboardx 1 Gravity Board X 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.
CVE-2008-2694 1 Phpinv 1 Phpinv 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2008-2680 1 Realm Project 1 Realm Cms 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.
CVE-2008-3180 1 Cwh Underground 1 Contentnow Cms 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu.php in ContentNow CMS 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) pageid parameter or (2) PATH_INFO.
CVE-2008-3505 1 Polypager 1 Polypager 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI.
CVE-2008-2082 1 Siteman 1 Siteman 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
CVE-2008-3088 1 Kasseler-cms 1 Kasseler Cms 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
CVE-2008-2127 1 Cms Faethon 1 Cms Faethon 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon 2.2 Ultimate allows remote attackers to inject arbitrary web script or HTML via the what parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-2677 1 Telephone 1 Telephone Directory 2008 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2008-2911 1 Contenido 1 Contendio 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Contenido 4.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) contenido, (2) Belang, and (3) username parameters.
CVE-2008-2646 1 Mebiblio 1 Mebiblio 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php.
CVE-2008-3567 1 Nullsoft 1 Winamp 2017-09-29 4.3 MEDIUM N/A
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
CVE-2008-2855 1 Ownrs 1 Ownrs 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-4089 1 Myphpnuke 1 Myphpnuke 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2008-2975 1 Tinx Cms 1 Tinx Cms 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.php in TinX/cms 1.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2008-4083 1 Brim-project 1 Brim 2017-09-29 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-2566 1 Php-address Book 1 Php-address Book 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.