Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45980 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0917 | 1 Dflabs | 1 Ptk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet." | ||||
| CVE-2009-0930 | 1 Debian | 1 Horde Imp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php. | ||||
| CVE-2009-0931 | 1 Debian | 2 Horde, Horde Groupware | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-0932 | 1 Debian | 2 Horde, Horde Groupware | 2026-04-23 | N/A |
| Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. | ||||
| CVE-2009-0933 | 1 Dotclear | 1 Dotclear | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in Dotclear before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-0934 | 1 Process-one | 1 Ejabberd | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs. | ||||
| CVE-2009-0971 | 1 Futomi | 1 Access Analyzer Cgi | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2009-1030 | 1 Wordpress | 1 Wordpress Mu | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | ||||
| CVE-2009-1035 | 2 Drupal, Jake Gordon | 2 Drupal, Tasks | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS). | ||||
| CVE-2009-1575 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7. | ||||
| CVE-2009-1578 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | ||||
| CVE-2009-1581 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-23 | N/A |
| functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. | ||||
| CVE-2009-1583 | 1 R020 | 1 Tematres | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php. | ||||
| CVE-2009-1588 | 1 Cgi Rescue | 1 Cgi Rescue Minibbs | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-1591 | 1 Cgi Rescue | 1 Cgi Web Mailer | 2026-04-23 | N/A |
| CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form. | ||||
| CVE-2009-1593 | 1 Armorlogic | 1 Profense Web Application Firewall | 2026-04-23 | N/A |
| Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element. | ||||
| CVE-2009-1607 | 1 Linkbase | 1 Linkbase | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu. | ||||
| CVE-2009-1614 | 1 Gowondesigns | 1 Leap | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1616 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505. | ||||
| CVE-2009-1620 | 1 Mata | 1 Matachat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters. | ||||