Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4370 | 1 Drupal | 1 Drupal | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview. | |||||
| CVE-2009-4573 | 2 Joomla, Joomlabear | 2 Joomla, Mod Joomulus | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4429 | 2 Alexander Hass, Drupal | 2 Sections Module, Drupal | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field). | |||||
| CVE-2009-4464 | 1 Activewebsoftwares | 1 Active Business Directory | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2009-4459 | 1 Redmine | 1 Redmine | 2017-08-17 | 4.3 MEDIUM | N/A |
| Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8. | |||||
| CVE-2009-4975 | 1 Nokia | 1 Qtdemobrowser | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | |||||
| CVE-2009-4369 | 1 Drupal | 1 Drupal | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name. | |||||
| CVE-2009-4590 | 1 Secureideas | 1 Base | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4567 | 1 Viscacha | 1 Viscacha | 2017-08-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4944 | 1 Atutor | 1 Acollab | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3311 | 1 Rssmediascript | 1 Rssmediascript | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2009-4888 | 1 Nskate | 1 Phortail | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters. | |||||
| CVE-2009-4119 | 2 Alex Barth, Drupal | 2 Feed Element Mapper, Drupal | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3783 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector. | |||||
| CVE-2009-3469 | 1 Ibm | 1 Lotus Connections | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2009-3360 | 1 Datemill | 1 Datemill | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php. | |||||
| CVE-2009-4381 | 1 Texmedia | 1 Million Pixel Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4908 | 1 Dootzky | 1 Oblog | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php. | |||||
| CVE-2009-4743 | 1 Afterlogic | 1 Webmail Pro | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters. | |||||
| CVE-2009-4649 | 1 Geccbblite | 1 Geccbblite | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php. | |||||