Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4829 | 3 Drupal, James Glasgow, John Vandervort | 3 Drupal, Autologout, Autologout | 2010-04-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1536 | 2 Drupal, Mearra | 2 Drupal, Addthis | 2010-04-27 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4813 | 1 Mybboard | 1 Mybb | 2010-04-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action. | |||||
| CVE-2009-0816 | 1 Typo3 | 1 Typo3 | 2010-04-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. | |||||
| CVE-2010-1530 | 2 Drupal, Reyero | 2 Drupal, I18n | 2010-04-27 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input. | |||||
| CVE-2010-1541 | 1 Dragonfrugal | 1 Dfd Cart | 2010-04-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php. | |||||
| CVE-2009-4780 | 1 Phpmyfaq | 1 Phpmyfaq | 2010-04-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4786 | 1 Pligg | 1 Pligg Cms | 2010-04-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php. | |||||
| CVE-2010-0725 | 1 Mhd Zaher Ghaibeh | 1 Arab Cart | 2010-04-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2010-1371 | 1 Preprojects | 1 Pre Classified Listings Asp | 2010-04-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter. | |||||
| CVE-2010-1362 | 2 Ben Jeavons, Drupal | 2 Ownterm, Drupal | 2010-04-14 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page. | |||||
| CVE-2010-1358 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2010-04-14 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1367 | 1 Uiga | 1 Fan Club | 2010-04-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1339 | 2 Robertotto, Woltlab | 2 Teamsite Hack Plugin, Burning Board | 2010-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1276 | 1 Bbsxp | 1 Bbsxp | 2010-04-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1195 | 1 Ikiwiki | 1 Ikiwiki | 2010-04-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI. | |||||
| CVE-2010-1112 | 1 Tristan Barczyk | 1 Klonews | 2010-03-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2009-2907 | 1 Springsource | 3 Application Management Suite, Hyperic Hq, Tc Server | 2010-03-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields." | |||||
| CVE-2010-1079 | 1 Sawmill | 1 Sawmill | 2010-03-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1076 | 1 Entrylevelcms | 1 El Cms | 2010-03-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1048 | 1 Uiga | 1 Business Portal | 2010-03-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1052 | 1 Alexandre Dubus | 1 Audistat | 2010-03-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1020 | 2 Sk-typo3, Typo3 | 2 Sk Simplegallery, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1005 | 2 Mischa Heimann, Typo3 | 2 Yatse, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1014 | 2 Steffen Kamper, Typo3 | 2 Reports Logview, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1008 | 2 Christian Hennecke, Typo3 | 2 Chsellector, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1021 | 2 Mads Brunn, Typo3 | 2 T3quixplorer, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0736 | 1 Viewvc | 1 Viewvc | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input." | |||||
| CVE-2009-4714 | 1 Alexandre Amaral | 1 Xoops Celepar | 2010-03-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php. | |||||
| CVE-2010-0979 | 1 Obsession-design | 1 Image-gallery | 2010-03-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | |||||
| CVE-2010-0963 | 1 Yuri D\'elia | 1 Dl | 2010-03-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4717 | 1 Gonafish | 1 Webstatcaffe | 2010-03-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/. | |||||
| CVE-2009-4705 | 2 Thomas Loeffler, Typo3 | 2 Twittersearch, Typo3 | 2010-03-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4706 | 2 Sebastian Winterhalder, Typo3 | 2 Mailform, Typo3 | 2010-03-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4707 | 2 Maximo Cuadros, Typo3 | 2 Gb Fenewssubmit, Typo3 | 2010-03-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4688 | 1 Resalecode | 1 Php Shopping Cart Selling Website Script | 2010-03-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters. | |||||
| CVE-2010-0927 | 1 Ibm | 1 Lotus Domino | 2010-03-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920. | |||||
| CVE-2010-0920 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2010-03-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | |||||
| CVE-2010-0726 | 1 Tdiary | 1 Tdiary | 2010-03-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters. | |||||
| CVE-2010-0797 | 2 Snowflake, Typo3 | 2 T3blog, Typo3 | 2010-03-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0695 | 1 Basic-cms | 1 Basic-cms | 2010-03-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter. | |||||
| CVE-2010-0704 | 1 Ibm | 1 Websphere Portal | 2010-03-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. | |||||
| CVE-2009-4568 | 1 Webmin | 2 Usermin, Webmin | 2010-02-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0699 | 1 Videosearchscript | 1 Videosearchscript Pro | 2010-02-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2009-4651 | 2 Joomla, Onnogroen | 2 Joomla\!, Com Webeecomment | 2010-02-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors. | |||||
| CVE-2010-0675 | 1 Bgsvetionik | 1 Bgs Cms | 2010-02-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2003-1581 | 1 Apache | 1 Http Server | 2010-02-08 | 2.6 LOW | N/A |
| The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||||
| CVE-2010-0470 | 1 Comtrend | 1 Ct-507it Adsl Router | 2010-02-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter. | |||||
| CVE-2010-0363 | 1 Zeus | 1 Zeus Web Server | 2010-02-02 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785. | |||||
| CVE-2004-2765 | 2 Redhat, Sun | 4 Enterprise Linux, Iplanet Messaging Server, One Messaging Server and 1 more | 2010-01-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | |||||