Total: 37036 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-3660 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | ||||
CVE-2010-2472 | 1 Drupal | 1 Drupal | 2024-11-21 | 4.8 Medium |
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. | ||||
CVE-2010-2250 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.1 Medium |
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. | ||||
CVE-2010-1673 | 1 Ikiwiki | 1 Ikiwiki | 2024-11-21 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. | ||||
CVE-2010-10010 | 1 Psychostats | 1 Psychostats | 2024-11-21 | 3.5 Low |
A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The identifier of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was assigned to this vulnerability. | ||||
CVE-2010-10004 | 1 Simplesamlphp | 1 Information Cards Module | 2024-11-21 | 3.5 Low |
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability. | ||||
CVE-2010-10002 | 1 Simplesamlphp | 1 Simplesamlphp-module-openid | 2024-11-21 | 3.1 Low |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2009-5159 | 2 Invisioncommunity, Microsoft | 2 Invision Power Board, Internet Explorer | 2024-11-21 | 6.1 Medium |
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | ||||
CVE-2009-5049 | 2 Debian, Mortbay | 2 Debian Linux, Jetty | 2024-11-21 | 6.1 Medium |
WebApp JSP Snoop page XSS in jetty through 6.1.21. | ||||
CVE-2009-5048 | 1 Mortbay | 1 Jetty | 2024-11-21 | 6.1 Medium |
Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20. | ||||
CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 6.1 Medium |
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | ||||
CVE-2009-4900 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 6.1 Medium |
pixelpost 1.7.1 has XSS | ||||
CVE-2009-3724 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-11-21 | 6.1 Medium |
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. | ||||
CVE-2009-2802 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 6.1 Medium |
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | ||||
CVE-2009-10004 | 1 Sandbox Theme Project | 1 Sandbox Theme | 2024-11-21 | 3.5 Low |
A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The identifier of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability. | ||||
CVE-2009-10003 | 1 Wordcraft Project | 1 Wordcraft | 2024-11-21 | 3.5 Low |
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The patch is identified as be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability. | ||||
CVE-2009-10001 | 1 Cool-php-captcha Project | 1 Cool-php-captcha | 2024-11-21 | 3.5 Low |
A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27ae3f80. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218296. | ||||
CVE-2008-7321 | 1 Tubepress | 1 Tubepress | 2024-11-21 | N/A |
The tubepress plugin before 1.6.5 for WordPress has XSS. | ||||
CVE-2008-10002 | 1 Ajaxlife Project | 1 Ajaxlife | 2024-11-21 | 3.5 Low |
A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. | ||||
CVE-2006-10001 | 1 Markjaquith | 1 Subscribe To Comments | 2024-11-21 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The identifier of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. |