| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2008-5807 |
79 |
|
XSS |
2008-12-31 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl. |
|
2 |
CVE-2008-5799 |
79 |
|
XSS |
2008-12-31 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
3 |
CVE-2008-5795 |
79 |
|
XSS |
2008-12-31 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
4 |
CVE-2008-5786 |
79 |
|
XSS |
2008-12-31 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter. |
|
5 |
CVE-2008-5770 |
79 |
|
XSS |
2008-12-30 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
|
6 |
CVE-2008-5769 |
79 |
|
XSS |
2008-12-30 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information. |
|
7 |
CVE-2008-5761 |
79 |
|
XSS |
2008-12-30 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element. |
|
8 |
CVE-2008-5760 |
79 |
|
XSS |
2008-12-30 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. |
|
9 |
CVE-2008-5759 |
79 |
|
XSS |
2008-12-30 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
10 |
CVE-2008-5757 |
79 |
|
XSS |
2008-12-30 |
2018-10-11 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information. |
|
11 |
CVE-2008-5734 |
79 |
|
XSS |
2008-12-26 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message. |
|
12 |
CVE-2008-5729 |
79 |
|
XSS |
2008-12-26 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php. |
|
13 |
CVE-2008-5720 |
79 |
|
XSS |
2008-12-26 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions. |
|
14 |
CVE-2008-5719 |
79 |
|
XSS |
2008-12-26 |
2009-02-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
15 |
CVE-2008-5717 |
79 |
|
XSS |
2008-12-26 |
2009-02-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
16 |
CVE-2008-5682 |
79 |
|
XSS |
2008-12-19 |
2012-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. |
|
17 |
CVE-2008-5668 |
79 |
|
XSS |
2008-12-19 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section. |
|
18 |
CVE-2008-5656 |
79 |
|
XSS |
2008-12-17 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
|
19 |
CVE-2008-5644 |
79 |
|
XSS |
2008-12-17 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
|
20 |
CVE-2008-5591 |
79 |
|
XSS |
2008-12-16 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information. |
|
21 |
CVE-2008-5584 |
79 |
|
XSS |
2008-12-15 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php. |
|
22 |
CVE-2008-5569 |
79 |
|
XSS |
2008-12-15 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/. |
|
23 |
CVE-2008-5566 |
79 |
|
XSS |
2008-12-15 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
|
24 |
CVE-2008-5556 |
79 |
|
XSS Bypass |
2008-12-12 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design." |
|
25 |
CVE-2008-5555 |
79 |
|
XSS Bypass |
2008-12-12 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." |
|
26 |
CVE-2008-5554 |
79 |
|
XSS Bypass |
2008-12-12 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." |
|
27 |
CVE-2008-5553 |
79 |
|
XSS Bypass |
2008-12-12 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." |
|
28 |
CVE-2008-5552 |
79 |
|
XSS Bypass |
2008-12-12 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." |
|
29 |
CVE-2008-5551 |
79 |
|
XSS Bypass |
2008-12-12 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection." |
|
30 |
CVE-2008-5513 |
79 |
|
XSS Bypass |
2008-12-17 |
2023-02-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. |
|
31 |
CVE-2008-5511 |
79 |
|
XSS Bypass |
2008-12-17 |
2023-02-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." |
|
32 |
CVE-2008-5487 |
79 |
|
XSS |
2008-12-12 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
|
33 |
CVE-2008-5435 |
79 |
|
XSS |
2008-12-11 |
2009-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. |
|
34 |
CVE-2008-5433 |
79 |
|
XSS |
2008-12-11 |
2009-02-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. |
|
35 |
CVE-2008-5432 |
79 |
|
XSS |
2008-12-11 |
2020-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). |
|
36 |
CVE-2008-5399 |
79 |
|
XSS |
2008-12-10 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
|
37 |
CVE-2008-5338 |
79 |
|
XSS |
2008-12-05 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter. |
|
38 |
CVE-2008-5330 |
79 |
|
XSS |
2008-12-05 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page. |
|
39 |
CVE-2008-5325 |
79 |
|
XSS |
2008-12-05 |
2018-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
40 |
CVE-2008-5324 |
79 |
|
XSS |
2008-12-05 |
2009-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
41 |
CVE-2008-5323 |
79 |
1
|
XSS |
2008-12-03 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
|
42 |
CVE-2008-5304 |
79 |
|
XSS |
2008-12-10 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. |
|
43 |
CVE-2008-5290 |
79 |
|
XSS |
2008-12-01 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
|
44 |
CVE-2008-5278 |
79 |
|
XSS |
2008-11-28 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). |
|
45 |
CVE-2008-5271 |
79 |
|
XSS |
2008-11-28 |
2017-10-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman SyndeoCMS 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. |
|
46 |
CVE-2008-5266 |
79 |
|
XSS |
2008-11-28 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751. |
|
47 |
CVE-2008-5264 |
79 |
|
XSS |
2008-11-28 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action. |
|
48 |
CVE-2008-5250 |
79 |
|
XSS |
2008-12-19 |
2009-10-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. |
|
49 |
CVE-2008-5249 |
79 |
|
XSS |
2008-12-19 |
2009-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50 |
CVE-2008-5228 |
79 |
|
XSS |
2008-11-25 |
2017-08-08 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded." |
