CVE-2023-45957

A stored cross-site scripting XSS vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e-getMessage error mishandling...

CVE-2023-45471

The QAD Search Server is vulnerable to Stored Cross-Site Scripting XSS in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute...

CVE-2018-14864

Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment...

CVE-2018-18672

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/boardformupdate.php bocontenthead parameter...

CVE-2018-18675

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/boardformupdate.php bomobilesubject parameter...

CVE-2009-4602

Cross-site scripting XSS vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4161

Cross-site scripting XSS vulnerability in the AN Search it! ansearchit extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4400

Cross-site scripting XSS vulnerability in the Parish Administration Database steparishadmin extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4839

Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE, possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 admin/baseroleadmin.php, 2 admin/baseuseradmin.php, 3 baseconfcontents.php, 4...

CVE-2009-4497

Cross-site scripting XSS vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program...

CVE-2009-4868

Cross-site scripting XSS vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the qid parameter to the answers script aka answers.php. NOTE: some of these details are obtained from third party information...

CVE-2009-4910

Cross-site scripting XSS vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances ASA 5580 series devices with software before 8.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418...

CVE-2009-4387

The cross-site scripting XSS protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro PMP before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and oth...

CVE-2009-4717

Multiple cross-site scripting XSS vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the 1 host parameter to stat/host.php, nodayshow parameter to 2 mostvisitpage.php and 3 visitorduration.php in stat/, 4 nopagesmost parameter to...

CVE-2009-4780

Multiple cross-site scripting XSS vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter in a sitemap action, 2 the search parameter in a search action, 3 the taggingid parameter in a search action, 4 the...

CVE-2009-4069

Multiple cross-site scripting XSS vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4999

Cross-site scripting XSS vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field...

CVE-2009-4397

Cross-site scripting XSS vulnerability in the Diocese of Portsmouth Resources Database pdresources extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-0963

Cross-site scripting XSS vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information...

CVE-2010-0675

Cross-site scripting XSS vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information...