Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-5048 | 1 Mortbay | 1 Jetty | 2024-11-21 | 6.1 Medium |
| Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. | ||||
| CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 6.1 Medium |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | ||||
| CVE-2009-5031 | 2 Opensuse, Trustwave | 2 Opensuse, Modsecurity | 2024-11-21 | N/A |
| ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. | ||||
| CVE-2009-5017 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. | ||||
| CVE-2009-5016 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2024-11-21 | N/A |
| Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. | ||||
| CVE-2009-5000 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. | ||||
| CVE-2009-4999 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. | ||||
| CVE-2009-4995 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4994 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2009-4991 | 1 Omnistaretools | 1 Omnistar Recruiting | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter. | ||||
| CVE-2009-4990 | 2 Drupal, Jrbcs | 2 Drupal, Webform Report | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission. | ||||
| CVE-2009-4989 | 1 Ajsquare | 1 Aj Auction Pro-oopd | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action. | ||||
| CVE-2009-4984 | 1 Websitesrus | 1 Accessories Me Php Affiliate Script | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php. | ||||
| CVE-2009-4983 | 1 Snowhall | 1 Silurus System | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php. | ||||
| CVE-2009-4980 | 1 Keil-software | 1 Photokorn Gallery | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php. | ||||
| CVE-2009-4976 | 2 Kde, Urs Wolfer | 2 Konqueror, Kwebkitpart | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | ||||
| CVE-2009-4975 | 1 Nokia | 1 Qtdemobrowser | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | ||||
| CVE-2009-4972 | 1 Kelvin Mo | 1 Simpleid | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2009-4963 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4956 | 2 Typo3, Wapplersystems | 2 Typo3, Ws Stats | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||