Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2228 | 1 Kasseler-cms | 1 Kasseler Cms | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action. | |||||
| CVE-2009-2241 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2009-2277 | 1 Vmware | 2 Esx Server, Virtualcenter | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data." | |||||
| CVE-2009-2327 | 1 Max Kervin | 1 Kervinet Forum | 2017-09-18 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter. | |||||
| CVE-2009-2330 | 1 Cms.tut.su | 1 Cms Chainuk | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter. | |||||
| CVE-2009-2391 | 1 Virtuenetz | 1 Virtue Online Test Generator | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid parameter. | |||||
| CVE-2009-2401 | 1 Phpecho Cms | 1 Phpecho Cms | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post. | |||||
| CVE-2009-2594 | 1 Censura | 1 Censura | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action. | |||||
| CVE-2009-2778 | 1 Garagesalesjunkie | 1 Garagesales Script | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2820 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-09-18 | 4.3 MEDIUM | N/A |
| The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. | |||||
| CVE-2009-2920 | 1 Elvinbts | 1 Elvinbts | 2017-09-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php. | |||||
| CVE-2009-2928 | 1 Tgs-cms | 1 Tgs Content Management | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839. | |||||
| CVE-2009-3016 | 1 Apple | 1 Safari | 2017-09-18 | 4.3 MEDIUM | N/A |
| Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | |||||
| CVE-2009-3155 | 2 Almondsoft, Joomla | 2 Com Aclassf, Joomla | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter. | |||||
| CVE-2009-3171 | 1 Anantasoft | 1 Gazelle Cms | 2017-09-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php. | |||||
| CVE-2009-3191 | 1 Pad-site-scripts | 1 Pad Site Scripts | 2017-09-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php. | |||||
| CVE-2009-3247 | 1 Vtiger | 1 Vtiger Crm | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3. | |||||
| CVE-2009-3328 | 1 Webilix | 1 Wx-guestbook | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3348 | 1 Datavore | 1 Gyro | 2017-09-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component. | |||||
| CVE-2009-3420 | 1 Intesync | 1 Miniweb | 2017-09-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO. | |||||