Export limit exceeded: 45641 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45641 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0664 | 1 Mahara | 1 Mahara | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. | ||||
| CVE-2009-0736 | 1 Simon Brown | 1 Pebble | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3648 | 2 Apsivam, Drupal | 2 Service Links, Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names. | ||||
| CVE-2009-0762 | 1 Scriptsez | 1 Ez Php Comment | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0763 | 1 Bookelves | 1 Kipper | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter. | ||||
| CVE-2009-0764 | 1 Bookelves | 1 Kipper | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1315 | 1 Abk-soft | 1 Ablespace | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groups_profile.php, (2) cat_id and (3) razd_id parameters to adv_cat.php, and the (4) URL to blogs_full.php. | ||||
| CVE-2009-1320 | 1 Zazzle | 1 Store Builder | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in include/zstore.php in Zazzle Store Builder 1.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) gridPage and (2) gridSort parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3530 | 1 Radscripts | 1 Radbids | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | ||||
| CVE-2009-1333 | 1 Hp | 1 Deskjet 6840 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body. | ||||
| CVE-2009-3647 | 1 Yabsoft | 1 Mega File Hosting Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3540 | 1 Yourfreeworld | 1 Ultra Classifieds Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1418 | 1 Hp | 1 System Management Homepage | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4616 | 1 Myrephp | 1 Myre Holiday Rental Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter. | ||||
| CVE-2009-1448 | 1 Lovpop | 1 Apricot | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2009-4610 | 1 Mortbay | 1 Jetty | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/. | ||||
| CVE-2009-1554 | 2 Oracle, Sun | 2 Glassfish Server, Woodstock | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF. | ||||
| CVE-2009-4609 | 1 Mortbay | 1 Jetty | 2026-04-23 | N/A |
| The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable. | ||||
| CVE-2009-2074 | 1 Drupal | 2 Drupal, Nodequeue | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names. | ||||
| CVE-2009-2076 | 1 Drupal | 2 Drupal, Views | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions. | ||||