Export limit exceeded: 45684 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45684 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3860 | 2 Ibm, Microsoft | 4 Aix, I5os, Lotus Quickr and 1 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163. | ||||
| CVE-2008-6675 | 1 Quickersite | 1 Quickersite | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp. | ||||
| CVE-2008-3880 | 1 Zoneminder | 1 Zoneminder | 2026-04-23 | N/A |
| SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. | ||||
| CVE-2008-6681 | 1 Dojotoolkit | 1 Dojo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element. | ||||
| CVE-2008-3886 | 1 Dotproject | 1 Dotproject | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action. | ||||
| CVE-2008-6682 | 1 Apache | 1 Struts | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag. | ||||
| CVE-2007-1938 | 1 Ichitaro | 1 Ichitaro | 2026-04-23 | N/A |
| Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS). | ||||
| CVE-2008-6683 | 1 Yourfreeworld | 1 Apartment Search Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter. | ||||
| CVE-2008-6698 | 2 Michael Fritz, Typo3 | 2 Worldcup, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2009-1620 | 1 Mata | 1 Matachat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters. | ||||
| CVE-2008-3966 | 1 Mybb | 1 Mybb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | ||||
| CVE-2008-6700 | 1 Butterflymedia | 1 Butterfly Organizer | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php. | ||||
| CVE-2008-0381 | 1 Mahara | 1 Mahara | 2026-04-23 | N/A |
| Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files. | ||||
| CVE-2008-3968 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | ||||
| CVE-2009-1623 | 1 Dew-code | 1 Dew-newphplinks | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter. | ||||
| CVE-2008-0444 | 1 Elog | 1 Elog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components. | ||||
| CVE-2009-0877 | 1 Sun | 1 Java System Communications Express | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field. | ||||
| CVE-2008-0522 | 1 Hal Networks | 3 Perl Cgi Cart, Php Cart, Shop Hal V1 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6746 | 1 Horde | 1 Turba H3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name. | ||||
| CVE-2008-0539 | 1 F5 | 1 Big-ip Application Security Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter. | ||||