Export limit exceeded: 45724 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46955 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46955 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3629 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-3255 | 1 Ln-lab | 1 Webproxy | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3016 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | ||||
| CVE-2009-3014 | 1 Mozilla | 3 Firefox, Mozilla, Seamonkey | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header. | ||||
| CVE-2008-3253 | 1 Citrix | 1 Xenserver | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2940 | 2 Pygresql, Python | 2 Pygresql, Python | 2026-04-23 | N/A |
| The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | ||||
| CVE-2009-2937 | 1 Intertwingly | 2 Planet, Planet Venus | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed. | ||||
| CVE-2009-2932 | 1 Sap | 1 Netweaver | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. | ||||
| CVE-2007-2206 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter. | ||||
| CVE-2008-4076 | 1 Tor World | 4 Interactive Bbs, Simple Bbs, Topics Bbs and 1 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917. | ||||
| CVE-2008-4083 | 1 Brim-project | 1 Brim | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6200 | 1 Wiki | 1 Swiki | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry. | ||||
| CVE-2008-4456 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. | ||||
| CVE-2008-6764 | 1 Hypersilence | 1 Silentum Loginsys | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Silentum LoginSys 1.0.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2008-6217 | 1 Extrakt | 1 Extrakt Framework | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6501 | 1 Prochatrooms | 1 Pro Chat Rooms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter. | ||||
| CVE-2008-5202 | 1 Otmanager | 1 Otmanager Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter. | ||||
| CVE-2008-6893 | 2 Alt-n, Microsoft | 2 Worldclient, Internet Explorer | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. | ||||
| CVE-2008-5770 | 1 Phpweather | 1 Phpweather | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2008-5203 | 1 Poweraward | 1 Poweraward | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter. | ||||