Total
27880 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0679 | 1 Ravenphpscripts | 1 Ravennuke | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3030 | 1 Symantec | 1 Securityexpressions Audit And Compliance Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue." | |||||
| CVE-2009-1557 | 1 Cisco | 1 Wvc54gca | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi. | |||||
| CVE-2009-3016 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
| Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | |||||
| CVE-2008-6108 | 1 Gwm | 1 Galatolo Webmanager | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter. | |||||
| CVE-2008-1793 | 1 Hoffice | 3 Smart Classified Ads, Smart Photo Ads, Smart Photo Ads Gold | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6360 | 1 Impresscms | 1 Impresscms | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2292 | 1 Appleple | 1 A-news | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1481 | 1 Webspell | 1 Webspell | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6439 | 1 Abledating | 1 Abledating | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2008-2571 | 1 Limesurvey | 1 Limesurvey | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action. | |||||
| CVE-2008-2677 | 1 Telephone | 1 Telephone Directory 2008 | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2008-2068 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2777 | 1 Luca Corbo | 1 Ortro | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3587 | 1 Needscripts | 1 Homes 4 Sale | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter. | |||||
| CVE-2009-1484 | 1 Gecad | 1 Axigen Mail Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4083 | 1 Brim-project | 1 Brim | 2023-12-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2011 | 1 National Rail Enquiries | 1 National Rail Enquiries Live Departure Boards | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI. | |||||
| CVE-2008-6915 | 1 Zeeways | 1 Zeeproperty | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter. | |||||
| CVE-2008-4724 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||