Export limit exceeded: 14569 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 23543 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2127 1 Elvinbts 1 Elvinbts 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-3260 1 Claroline 1 Claroline 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
CVE-2009-2141 1 Tbdev 1 Tbdev.net 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php.
CVE-2008-2206 1 Maianscriptworld 1 Maian Music 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php.
CVE-2009-2162 2 Ishii, Xoops 2 Pukiwikimod, Xoops 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6061 1 Techsmith 1 Camtasia Studio 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) controller files created by Techsmith Camtasia Studio before 5 allows remote attackers to inject arbitrary additional SWF content via a URL in the csPreloader parameter.
CVE-2009-2181 1 Campware.org 1 Campsite 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter.
CVE-2008-6060 1 Infosoftglobal 1 Fusion Charts 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter.
CVE-2007-4465 2 Apache, Redhat 6 Http Server, Certificate System, Enterprise Linux and 3 more 2026-04-23 6.1 Medium
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
CVE-2009-2211 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2221 1 Php.s3 1 Php-i-board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2226 1 Php.s3 1 Tree Bbs 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2228 1 Kasseler-cms 1 Kasseler Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.
CVE-2009-2350 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312.
CVE-2008-2207 1 Maianscriptworld 1 Maian Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
CVE-2008-3184 1 Vbulletin 1 Vbulletin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.
CVE-2009-3067 1 Webformatique 1 Reservation Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter.
CVE-2008-6034 1 Achievo 1 Achievo 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2284 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
CVE-2009-3152 1 Nt 1 Bbs E-market 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.