Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7206 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS). | |||||
| CVE-2008-6847 | 1 Preproject | 1 Pre Asp Job Board | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2008-7140 | 1 Alexguestbook | 1 \@lex Guestbook | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has been reported that the test parameter is not used in @lex Guestbook. | |||||
| CVE-2008-6681 | 1 Dojotoolkit | 1 Dojo | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element. | |||||
| CVE-2008-7092 | 1 Unica | 1 Affinium Campaign | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors. | |||||
| CVE-2008-7134 | 1 Redgalaxy | 1 Download Center | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2003-1585 | 1 Alentum | 1 Weblog Expert | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||||
| CVE-2009-0603 | 1 Drupal | 2 Drupal, Link Module | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7048 | 1 Natterchat | 1 Natterchat | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages. | |||||
| CVE-2008-6888 | 1 Preprojects | 1 Pre Classified Listings | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter. | |||||
| CVE-2008-6876 | 1 Editeurscripts | 1 Espartenaires | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037. | |||||
| CVE-2008-6436 | 1 Xerox | 1 Workcentre | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-6211 | 1 Mcgallerypro | 1 Mcgallery | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6654 | 1 Structum | 1 Infobiz Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search_results.php in InfoBiz Server allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||
| CVE-2008-6831 | 1 Atlassian | 1 Jira | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment"). | |||||
| CVE-2007-6726 | 2 Apache, Dojotoolkit | 2 Struts, Dojo | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/. | |||||
| CVE-2008-6839 | 1 Tgs-cms | 1 Tgs Content Management | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6891 | 1 Codetoad | 1 Asp Forum Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp. | |||||
| CVE-2008-6448 | 1 Skyarc | 1 Mtcms Wysiwyg Editor | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-6675 | 1 Quickersite | 1 Quickersite | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp. | |||||