Export limit exceeded: 364514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47238 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1980 | 1 Drupal | 2 Drupal, E-publish | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6341 | 1 Typo3 | 2 Sb Universal Plugin, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6275 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. | ||||
| CVE-2008-1976 | 2 Internationalization Project, Localizer Project | 2 Internationalization, Localizer | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6217 | 1 Extrakt | 1 Extrakt Framework | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6212 | 1 Php-stats | 1 Php-stats | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6208 | 1 E107 | 1 E107 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6190 | 1 Eeb-welt | 1 Eebcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | ||||
| CVE-2008-5435 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. | ||||
| CVE-2008-5433 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. | ||||
| CVE-2008-5432 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). | ||||
| CVE-2008-4805 | 1 Ibm | 1 Lotus Connections | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4795 | 1 Opera | 1 Opera | 2026-04-23 | N/A |
| The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. | ||||
| CVE-2008-2421 | 1 Sap | 2 Sap Web Application Server, Web Dynpro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/. | ||||
| CVE-2008-4725 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60. | ||||
| CVE-2008-4671 | 1 Wordpress | 1 Wordpress Mu | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters. | ||||
| CVE-2008-4670 | 1 Ed Putal | 1 Clickbank Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote attackers to inject arbitrary web script or HTML via the search box. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4669 | 1 Dan Fletcher | 1 Recipe Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4661 | 1 Typo3 | 2 Page Improvements, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-4601 | 1 Habari | 1 Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter. | ||||