Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1581 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-28 | 4.3 MEDIUM | N/A |
| functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. | |||||
| CVE-2009-1578 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | |||||
| CVE-2009-1607 | 1 Linkbase | 1 Linkbase | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu. | |||||
| CVE-2009-1614 | 1 Gowondesigns | 1 Leap | 2017-09-28 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1623 | 1 Dew-code | 1 Dew-newphplinks | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter. | |||||
| CVE-2009-1654 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | |||||
| CVE-2009-1735 | 1 Omnisoftsol | 1 Vidsharepro | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1749 | 1 Joost Horward | 1 Catviz | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters. | |||||
| CVE-2009-1809 | 1 Collector | 1 Mycolex | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php. | |||||
| CVE-2009-1811 | 1 Collector | 1 Mygesuad | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php. | |||||
| CVE-2009-1820 | 1 2daybiz | 1 Custom T-shirt Design Script | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2009-1951 | 1 Propertymaxpro | 1 Propertymax Pro Free | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action. | |||||
| CVE-2009-2020 | 1 Virtuenetz | 1 Virtue News Manager | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter. | |||||
| CVE-2009-2033 | 1 Ricardo Alexandre De Oliveira Staudt | 1 Yogurt | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2009-2127 | 1 Elvinbts | 1 Elvinbts | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2009-2131 | 1 4homepages | 1 4images | 2017-09-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture. | |||||
| CVE-2009-2141 | 1 Tbdev | 1 Tbdev.net | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php. | |||||
| CVE-2009-2145 | 1 Pantha | 1 Translucid | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page. | |||||
| CVE-2009-2153 | 1 Sappy.dk | 1 Impleo Music Collection | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | |||||
| CVE-2009-2149 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php. | |||||