Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6988 | 1 Ezphotogallery | 1 Ezphotogallery | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php. | ||||
| CVE-2008-6982 | 1 Devalcms | 1 Devalcms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter. | ||||
| CVE-2008-6979 | 1 Phpadultsite | 1 Phpadultsite Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to inject arbitrary web script or HTML via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue might be resultant from a separate SQL injection vulnerability. | ||||
| CVE-2008-6977 | 1 Fullrevolution | 1 Aspwebalbum | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action. | ||||
| CVE-2008-6972 | 3 Drupal, Karen Stevenson, Yves Chedemois | 3 Drupal, Cck, Cck | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings. | ||||
| CVE-2008-6969 | 1 Pentasoft Corp. | 1 Avactis Shopping Cart | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters. | ||||
| CVE-2008-6946 | 1 Collabtive | 1 Collabtive | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php. | ||||
| CVE-2008-6945 | 1 Icdevgroup | 1 Interchange | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature. | ||||
| CVE-2008-6927 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action. | ||||
| CVE-2008-6925 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6924 | 1 Intelliants | 1 Esyndicat | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters. | ||||
| CVE-2008-6915 | 1 Zeeways | 1 Zeeproperty | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter. | ||||
| CVE-2008-6906 | 1 Babbleboard | 1 Babbleboard | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username. | ||||
| CVE-2008-6894 | 1 3cx | 1 Phone System | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters. | ||||
| CVE-2008-6893 | 2 Alt-n, Microsoft | 2 Worldclient, Internet Explorer | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. | ||||
| CVE-2008-6891 | 1 Codetoad | 1 Asp Forum Script | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp. | ||||
| CVE-2008-6888 | 1 Preprojects | 1 Pre Classified Listings | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter. | ||||
| CVE-2008-6885 | 1 Xoops | 1 Xoops | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. | ||||
| CVE-2008-6879 | 1 Apache | 1 Roller | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. | ||||
| CVE-2008-6876 | 1 Editeurscripts | 1 Espartenaires | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037. | ||||