LiveActive security incident?Get immediate response
CVE archive

March 2009

Browse CVE records published in March 2009, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 449 matching CVEs · Page 3 of 9.

Unknown · CVSS Not scored

CVE-2009-4713: Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow re...

Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php.

Published Mar 15, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4742: Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL co...

Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php.

Published Mar 26, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4694: Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attacke...

Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 10, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4669: Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQ...

Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php.

Published Mar 5, 2010 · Updated Aug 7, 2024