Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44676 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6620 1 Grafxsoftware 1 Minicwb 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters.
CVE-2008-6637 1 Libraryvideocompany 1 Safari Montage 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters.
CVE-2008-6644 1 Dotnetnuke 1 Dotnetnuke 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2008-6645 1 Opencosmo 1 Visualsentinel 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header ($_SERVER ['HTTP_USER_AGENT']), which is not properly handled when displaying log files.
CVE-2008-6646 1 Coronamatrix 1 Phpaddressbook 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2008-6654 1 Structum 1 Infobiz Server 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in search_results.php in InfoBiz Server allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
CVE-2008-6655 1 Comscripts 1 Gedcom To Mysl 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php.
CVE-2008-6666 1 Kronos 1 Kronos Webta 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial report was incorrect, but the reason for this conclusion is unknown.
CVE-2008-6681 1 Dojotoolkit 1 Dojo 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.
CVE-2008-6682 1 Apache 1 Struts 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
CVE-2008-6683 1 Yourfreeworld 1 Apartment Search Script 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter.
CVE-2008-6687 2 David Cadu, Typo3 2 Dcdgooglemap, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-6688 2 Kevin Renskers, Typo3 2 Dmmjobcontrol, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-6698 2 Michael Fritz, Typo3 2 Worldcup, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-6699 1 Typo3 2 Tjs Reslib, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-6700 1 Butterflymedia 1 Butterfly Organizer 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.
CVE-2008-6715 1 Preprojects 1 Pre Ads Portal 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php.
CVE-2008-6724 1 Patrick Matthai 1 Pnopaste 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1.0 allows remote attackers to inject arbitrary web script or HTML via the language parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6727 1 Myupb 1 Upb 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVE-2008-6732 1 Dotnetnuke 1 Dotnetnuke 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."