Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 34649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4756 1 Php-daily 1 Php-daily 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.
CVE-2008-4333 1 Cannot 1 Php Infoboard 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action.
CVE-2008-5770 1 Phpweather 1 Phpweather 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2008-5487 1 Turnkeyforms 1 Text Link Sales 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-4336 1 Constantin Charissis 1 Atomic Photo Album 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.
CVE-2008-4591 1 Phpwebgallery 1 Phpwebgallery 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.
CVE-2008-5889 1 Icash 1 Click\&rank 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2008-5879 1 Phpclanwebsite 1 Phpclanwebsite 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors.
CVE-2008-5918 1 Tigris 1 Websvn 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2008-5193 1 Philboard 1 Philboard 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
CVE-2008-6108 1 Gwm 1 Galatolo Webmanager 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.
CVE-2008-5939 1 Modxcms 1 Modxcms 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.
CVE-2008-5061 1 Smolinari 1 Mini Web Calendar 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2008-5323 1 Easy-script 1 Wysi Wiki Wyg 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2008-5854 1 Myphpscripts 1 Login Session 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these details are obtained from third party information.
CVE-2008-5059 1 Modernbill 1 Modernbill 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action.
CVE-2008-5979 1 Ocean12 Technologies 1 Mailing List Manager 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
CVE-2008-6004 1 Aj Square 1 Aj Auction 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
CVE-2008-5338 1 Multimania 2 Bandsite Portal System, Bandwebsite 2017-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
CVE-2008-5761 1 Flatnux 1 Flatnux 2017-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.