Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1986 | 1 Pixel Motion | 1 Pixel Motion Blog | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter. | |||||
| CVE-2008-1987 | 1 Encaps | 1 Encapsgallery | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2008-2046 | 1 Softpedia | 1 Sitexs Cms | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2008-2030 | 1 F5 | 2 Firepass 4100, Firepass Ssl Vpn | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2035 | 2 Bluemoon, Xoops | 7 Backpack, Bmsurvey, Newbb Fileup and 4 more | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2037 | 1 Editeurscripts | 1 Escontacts | 2017-08-08 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php. | |||||
| CVE-2008-2068 | 1 Wordpress | 1 Wordpress | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2123 | 1 Sap | 1 Internet Transaction Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114. | |||||
| CVE-2008-2126 | 1 Tux Cms | 1 Tux Cms | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php. | |||||
| CVE-2008-2133 | 1 Tru-zone | 1 Nukeet | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, as demonstrated by a CSS property in the STYLE attribute of a DIV element, a different vulnerability than CVE-2008-1873. | |||||
| CVE-2008-2162 | 1 Sonicwall | 1 E-mail Security | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page. | |||||
| CVE-2008-2163 | 2 Ibm, Microsoft | 4 Aix, I5os, Lotus Quickr and 1 more | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors." | |||||
| CVE-2008-2166 | 1 Sun | 1 Java System Web Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp. | |||||
| CVE-2008-2179 | 1 Ilient | 1 Sysaid | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid 5.1.08 allows remote attackers to inject arbitrary web script or HTML via the searchField parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2219 | 1 C-news.fr | 1 C-news | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in install.php in C-News.fr C-News 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the etape parameter. | |||||
| CVE-2008-2236 | 1 Blosxom | 1 Blosxom | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2264 | 1 Oued | 1 Cyrixmed | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2274 | 1 Typo3 | 1 Sr Feuser Register Extension | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2280 | 1 Scriptphp | 1 Picengine | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in Script PHP PicEngine 1.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2302 | 1 Django Project | 1 Django | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request. | |||||
| CVE-2008-2344 | 1 Typo3 | 1 Air Filemanager | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1007 | 1 Apple | 1 Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2007-6270 | 1 Xigla | 1 Absolute News Manager.net | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx. | |||||
| CVE-2007-6274 | 1 Bcoos | 1 Bcoos | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter. | |||||
| CVE-2008-1222 | 1 Dokeos | 1 Open Source Learning And Knowledge Management Tool | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1006 | 1 Apple | 1 Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. | |||||
| CVE-2008-1002 | 1 Apple | 1 Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. | |||||
| CVE-2008-1003 | 1 Apple | 1 Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. | |||||
| CVE-2008-1004 | 1 Apple | 1 Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector. | |||||
| CVE-2008-1076 | 1 Interspire | 1 Shopping Cart | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6452 | 1 Google | 1 Web Toolkit | 2017-08-08 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | |||||
| CVE-2007-6673 | 1 Makale Scripti | 1 Makale Scripti | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action. | |||||
| CVE-2008-0292 | 1 Dansie | 1 Photo Album | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1165 | 1 Flyspray | 1 Flyspray | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0335 | 1 Bugtracker.net | 1 Bugtracker.net | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field. | |||||
| CVE-2008-0354 | 1 Ibm | 1 Lotus Sametime | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. | |||||
| CVE-2008-1168 | 1 Sarg | 1 Squid Analysis Report Generator | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1225 | 1 Webct | 1 Webct | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Edition 4.1.5.8, when "Don't wrap text" is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a (1) mail message or (2) discussion board message. NOTE: this might overlap CVE-2005-1076. | |||||
| CVE-2007-6477 | 1 Citrix | 1 Web Interface | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-0093 | 1 Eticket | 1 Eticket | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters. | |||||
| CVE-2007-6695 | 1 Drake Team | 1 Drake Cms | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter. | |||||
| CVE-2007-6486 | 1 Geek-palace.com | 1 Lineshout | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6346 | 1 Rainboard | 1 Rainboard | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-6520 | 1 Opera | 1 Opera Browser | 2017-08-08 | 4.3 MEDIUM | N/A |
| Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. | |||||
| CVE-2008-1224 | 1 Bosdev | 1 Bosclassifieds Classified Ads | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in account.php in BosClassifieds Classified Ads System 3.0 allows remote attackers to inject arbitrary web script or HTML via the returnTo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6522 | 1 Opera | 1 Opera Browser | 2017-08-08 | 4.3 MEDIUM | N/A |
| The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. | |||||
| CVE-2008-0769 | 1 Opentext | 1 Livelink Ecm | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. | |||||
| CVE-2008-0793 | 1 Tendenci | 1 Cms | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third party information. NOTE: it is not clear whether this affects Tendenci Enterprise Edition in addition to the product's deployment on Tendenci's own server farm. If only the latter was affected, then this issue should not be included in CVE. | |||||
| CVE-2008-0404 | 1 Mantis | 1 Mantis | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary. | |||||
| CVE-2007-6674 | 1 Rapidshare | 1 Database | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter. | |||||