Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1281 | 1 Glfusion | 1 Glfusion | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-1279 | 1 Joomla | 1 Joomla | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. | ||||
| CVE-2009-1261 | 1 Webhelpdesk | 1 Web Help Desk | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1249 | 1 Drupal | 2 Drupal, Feedapi Mapper | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map. | ||||
| CVE-2009-1228 | 1 Arcadwy | 1 Arcadwy Arcade Script Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter). | ||||
| CVE-2009-1225 | 1 Platinumprofitzone | 1 Turnkey Ebook Store | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | ||||
| CVE-2009-1220 | 1 Cisco | 2 Adaptive Security Appliance, Ios | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header. | ||||
| CVE-2009-1218 | 1 Sun | 2 Java System Calendar Server, One Calendar Server | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml. | ||||
| CVE-2009-1204 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php. | ||||
| CVE-2009-1202 | 1 Cisco | 1 Adaptive Security Appliance | 2024-11-21 | N/A |
| WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705. | ||||
| CVE-2009-1201 | 1 Cisco | 1 Adaptive Security Appliance | 2024-11-21 | N/A |
| Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694. | ||||
| CVE-2009-1198 | 1 Apache | 1 Juddi | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp. | ||||
| CVE-2009-1175 | 1 Banshee-project | 1 Banshee | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message. | ||||
| CVE-2009-1162 | 1 Cisco | 2 Ironport Asyncos, Ironport Email Security Appliances | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter. | ||||
| CVE-2009-1150 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie. | ||||
| CVE-2009-1091 | 1 Rapidleech | 1 Rapidleech | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to inject arbitrary web script or HTML via the uploaded parameter. | ||||
| CVE-2009-1081 | 1 Sun | 1 Java System Identity Manager | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661. | ||||
| CVE-2009-1080 | 1 Sun | 1 Java System Identity Manager | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033. | ||||
| CVE-2009-1079 | 1 Sun | 1 Java System Identity Manager | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683. | ||||
| CVE-2009-1070 | 1 Expressionengine | 1 Expressionengine | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter. | ||||