Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2401 | 1 Phpecho Cms | 1 Phpecho Cms | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post. | |||||
| CVE-2009-3016 | 1 Apple | 1 Safari | 2017-09-19 | 4.3 MEDIUM | N/A |
| Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | |||||
| CVE-2009-3155 | 2 Almondsoft, Joomla | 2 Com Aclassf, Joomla | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter. | |||||
| CVE-2009-3714 | 1 Maniacomputer | 1 Mcshoutbox | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter. | |||||
| CVE-2009-3530 | 1 Radscripts | 1 Radbids | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | |||||
| CVE-2009-4562 | 1 Zenphoto | 1 Zenphoto | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter. | |||||
| CVE-2009-3247 | 1 Vtiger | 1 Vtiger Crm | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3. | |||||
| CVE-2009-3506 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php. | |||||
| CVE-2009-2219 | 1 David Degner | 1 Phpcollegeexchange | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/. | |||||
| CVE-2009-2594 | 1 Censura | 1 Censura | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action. | |||||
| CVE-2009-2778 | 1 Garagesalesjunkie | 1 Garagesales Script | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4478 | 1 Xstate | 1 Real Estate | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2) lands.html. | |||||
| CVE-2009-2330 | 1 Cms.tut.su | 1 Cms Chainuk | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter. | |||||
| CVE-2009-3348 | 1 Datavore | 1 Gyro | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component. | |||||
| CVE-2009-4542 | 1 Isolsoft | 1 Support Center | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2009-3757 | 1 Citrix | 1 Xencenterweb | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2920 | 1 Elvinbts | 1 Elvinbts | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php. | |||||
| CVE-2009-4544 | 1 Cromosoft | 1 Facil Helpdesk | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2009-2928 | 1 Tgs-cms | 1 Tgs Content Management | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839. | |||||
| CVE-2009-3420 | 1 Intesync | 1 Miniweb | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO. | |||||