Export limit exceeded: 46786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3601 | 1 Scriptsez | 1 Ultimate Poll | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action. | ||||
| CVE-2009-2890 | 1 Phpscriptsnow | 1 Riddles | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. | ||||
| CVE-2009-2893 | 1 Xzeroscripts | 1 Xzero Community Classifieds | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter. | ||||
| CVE-2009-3636 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2009-3652 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095. | ||||
| CVE-2009-3653 | 2 Darren Oh, Drupal | 2 Xml Sitemap, Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output. | ||||
| CVE-2009-2897 | 1 Springsource | 3 Application Management Suite, Hyperic Hq, Tc Server | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2898 | 1 Springsource | 3 Application Management Suite, Hyperic Hq, Tc Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2947 | 1 Xapian | 1 Omega | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages. | ||||
| CVE-2009-3146 | 1 Articlefriend | 1 Articlefriend Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote attackers to inject arbitrary web script or HTML via the SearchWd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3747 | 1 Tbmnet | 1 Tbmnetcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. NOTE: this was originally reported for tbmnet.php, but that program does not exist in the TBmnetCMS 1.0 distribution. | ||||
| CVE-2009-3121 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3120 | 1 Bigace | 1 Bigace | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3147 | 1 Allenthusiast | 1 Reviewpost Php Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter. | ||||
| CVE-2009-3105 | 1 Ibm | 1 Domino Web Access | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC. | ||||
| CVE-2009-3152 | 1 Nt | 1 Bbs E-market | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action. | ||||
| CVE-2009-3067 | 1 Webformatique | 1 Reservation Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter. | ||||
| CVE-2009-3066 | 1 Propertywatchscript | 1 Property Watch | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php. | ||||
| CVE-2009-3696 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. | ||||
| CVE-2009-3153 | 1 X10media | 1 Mp3 Search Engine | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php. | ||||