Latest CVE Feed
-
4.3
MEDIUMCVE-2009-1070
Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.... Read more
Affected Products : expressionengine- Published: Mar. 26, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2006-4220
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) a... Read more
- Published: Dec. 31, 2006
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2009-1418
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : system_management_homepage- Published: May. 19, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2009-3745
Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.... Read more
Affected Products : rational_appscan- Published: Oct. 22, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2008-5770
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more
Affected Products : phpweather- Published: Dec. 30, 2008
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2008-5697
The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.... Read more
- Published: Dec. 22, 2008
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2009-3755
Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledef... Read more
Affected Products : phpbms- Published: Oct. 22, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2009-3030
Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to... Read more
Affected Products : securityexpressions_audit_and_compliance_server- Published: Oct. 15, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2020-12404
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.... Read more
Affected Products : firefox- Published: Jul. 09, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2008-7089
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.... Read more
Affected Products : pligg_cms- Published: Aug. 26, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2008-7036
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) dir... Read more
- Published: Aug. 24, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2013-0197
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.... Read more
Affected Products : mantisbt- Published: May. 15, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2009-2987
Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors.... Read more
- Published: Oct. 19, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2006-3089
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) prefixe_dossier parameter in (a) /inc/header.php; (2) msg parameter in (b) /r... Read more
Affected Products : phpmyfactures- Published: Jun. 19, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2014-3262
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) v... Read more
- Published: May. 16, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2008-5823
An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startu... Read more
- Published: Jan. 02, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2009-3008
K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacke... Read more
Affected Products : k-meleon- Published: Aug. 28, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2009-3060
Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_us... Read more
Affected Products : jboard- Published: Sep. 03, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2009-3005
Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers ... Read more
Affected Products : lunascape- Published: Aug. 28, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2008-7039
Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information... Read more
Affected Products : gelatocms- Published: Aug. 24, 2009
- Modified: Apr. 09, 2025