Export limit exceeded: 346711 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45592 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5202 | 1 Otmanager | 1 Otmanager Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter. | ||||
| CVE-2008-5203 | 1 Poweraward | 1 Poweraward | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter. | ||||
| CVE-2008-5211 | 1 Sphider | 1 Sphider | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506. | ||||
| CVE-2008-5214 | 1 Clanlite | 1 Clanlite | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter. | ||||
| CVE-2008-5228 | 1 Ibm | 1 Workplace Content Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded." | ||||
| CVE-2008-5249 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-5250 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. | ||||
| CVE-2008-5264 | 1 Tornado | 1 Tornado Knowledge Retrieval System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action. | ||||
| CVE-2008-5552 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." | ||||
| CVE-2008-5553 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." | ||||
| CVE-2008-5554 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." | ||||
| CVE-2008-5555 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." | ||||
| CVE-2008-5556 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design. | ||||
| CVE-2008-5566 | 1 Phpmultiplenewsletters | 1 Phpmultiplenewsletters | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2008-5584 | 1 Projectpier | 1 Projectpier | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php. | ||||
| CVE-2008-5591 | 1 Iwrite | 1 Nightfall Personal Diary | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5656 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2008-5668 | 1 Textpattern | 1 Textpattern | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section. | ||||
| CVE-2008-5682 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. | ||||
| CVE-2008-5717 | 1 Hitachi | 1 Jp1 Integrated Management Service Support | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||