Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3011 | 1 Google | 1 Chrome | 2017-08-17 | 4.3 MEDIUM | N/A |
| Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the context of the HTTP site. | |||||
| CVE-2009-4857 | 1 Ecomstudio | 1 Php Photo Vote1.3f | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2009-4690 | 1 Yourfreeworld | 1 Programs Rating Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php. | |||||
| CVE-2009-4416 | 1 Phpgroupware | 1 Phpgroupware | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence. | |||||
| CVE-2009-4548 | 1 Viart | 1 Viart Helpdesk | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php. | |||||
| CVE-2009-3696 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. | |||||
| CVE-2009-4063 | 2 Drupal, Ezra Barnett Gildesgame | 2 Drupal, Og Subgroups | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles. | |||||
| CVE-2009-3567 | 1 Kayako | 2 Esupport, Supportsuite | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145. | |||||
| CVE-2009-4853 | 2 Foswiki, Jumpbox | 2 Foswiki, Jumpbox | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3915 | 2 Drupal, John C Fiala | 2 Drupal, Link | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field. | |||||
| CVE-2009-3105 | 1 Ibm | 1 Domino Web Access | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC. | |||||
| CVE-2009-3592 | 1 Qtmsoft | 1 X-cart | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823. | |||||
| CVE-2009-4266 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||||
| CVE-2009-3918 | 2 Drupal, Karim Ratib | 2 Drupal, Zoomify | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title. | |||||
| CVE-2009-4469 | 1 Giombetti | 1 Phppowercards | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc.php in phpPowerCards 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) archiv parameter, and the (3) subcat parameter. | |||||
| CVE-2009-3598 | 1 Ecardmax.com | 1 Formxp | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2009-4458 | 1 Freepbx | 1 Freepbx | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action. | |||||
| CVE-2010-0365 | 1 Bitscripts | 1 Bits Video Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter. | |||||
| CVE-2009-4043 | 2 Drupal, Patrick Przybilla | 2 Drupal, Addtoany | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2009-3647 | 1 Yabsoft | 1 Mega File Hosting Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||