Total
44106 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6087 | 1 Camera Life | 1 Camera Life | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2008-6144 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. | ||||
| CVE-2008-6208 | 1 E107 | 1 E107 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6229 | 1 Drupal | 1 Content Construction Kit | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names. | ||||
| CVE-2008-6240 | 1 Openedit | 1 Openedit Digital Asset Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter. | ||||
| CVE-2008-6238 | 1 Openedit | 1 Openedit Digital Asset Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in archive/savedqueries/savequeryfinish.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2008-6275 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. | ||||
| CVE-2008-6495 | 1 Zirkon Box | 1 Yappa-ng | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | ||||
| CVE-2008-6589 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. | ||||
| CVE-2008-6666 | 1 Kronos | 1 Kronos Webta | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial report was incorrect, but the reason for this conclusion is unknown. | ||||
| CVE-2008-6687 | 2 David Cadu, Typo3 | 2 Dcdgooglemap, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2008-6868 | 1 Editeurscripts | 1 Esbaseadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in default/login.php in EditeurScripts EsBaseAdmin 2.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037. | ||||
| CVE-2008-6888 | 1 Preprojects | 1 Pre Classified Listings | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter. | ||||
| CVE-2008-6894 | 1 3cx | 1 Phone System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters. | ||||
| CVE-2008-6945 | 1 Icdevgroup | 1 Interchange | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature. | ||||
| CVE-2008-7039 | 1 Gelatocms | 1 Gelatocms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-7048 | 1 Natterchat | 1 Natterchat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages. | ||||
| CVE-2008-7060 | 1 One-news | 1 One-news | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to index.php. NOTE: vectors 1 and 2 require user authentication. | ||||
| CVE-2008-7171 | 1 Yanick Bourbeau | 1 Lightweight News Portal | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php. | ||||
| CVE-2008-7206 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-23 | N/A |
| Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS). | ||||