Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-10010 | 1 Zerochplus Project | 1 Zerochplus | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in zerochplus. This affects the function PrintResList of the file test/mordor/thread.res.pl. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 9ddf9ecca8565341d8d26a3b2f64540bde4fa273. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218007.
|
|||||
| CVE-2013-0739 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.
|
|||||
| CVE-2013-0738 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.
|
|||||
| CVE-2013-0737 | 1 Boltwire | 1 Boltwire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.
|
|||||
| CVE-2013-0592 | 1 Ibm | 1 Inotes | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815.
|
|||||
| CVE-2013-0286 | 1 Pinboard Project | 1 Pinboard | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Pinboard 1.0.6 theme for Wordpress has XSS.
|
|||||
| CVE-2013-0283 | 1 Theforeman | 1 Katello | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Katello: Username in Notification page has cross site scripting
|
|||||
| CVE-2013-0195 | 1 Matomo | 1 Matomo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.
|
|||||
| CVE-2013-0194 | 1 Matomo | 1 Matomo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.
|
|||||
| CVE-2013-0193 | 1 Matomo | 1 Matomo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.
|
|||||
| CVE-2013-0186 | 1 Redhat | 2 Cloudforms, Manageiq Enterprise Virtualization Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-0161 | 1 Havalite | 1 Havalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Havalite CMS 1.1.7 has a stored XSS vulnerability
|
|||||
| CVE-2012-6720 | 1 Socialengine | 1 Socialengine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*.
|
|||||
| CVE-2012-6718 | 1 Sharebar Project | 1 Sharebar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491.
|
|||||
| CVE-2012-6717 | 1 Redirection | 1 Redirection | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.
|
|||||
| CVE-2012-6716 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
|
|||||
| CVE-2012-6715 | 1 Formbuilder Project | 1 Formbuilder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header.
|
|||||
| CVE-2012-6714 | 1 Count Per Day Project | 1 Count Per Day | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.
|
|||||
| CVE-2012-6713 | 1 Wp-jobmanager | 1 Job Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues.
|
|||||
| CVE-2012-6708 | 1 Jquery | 1 Jquery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploi ...
Show More |
|||||
| CVE-2012-6682 | 1 Dragonbyte-tech | 1 Vbdownloads Module | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter.
|
|||||
| CVE-2012-6671 | 1 Dragonbyte-tech | 1 Forumon Rpg Module | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters.
|
|||||
| CVE-2012-6670 | 1 Dragonbyte-tech | 1 Vbactivity Module | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.
|
|||||
| CVE-2012-6668 | 1 Dragonbyte-tech | 1 Vbshout Module | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php.
|
|||||
| CVE-2012-6667 | 1 Dragonbyte-tech | 1 Vbshout | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action.
|
|||||
| CVE-2012-6666 | 1 Vbseo | 1 Vbseo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter.
|
|||||
| CVE-2012-6494 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.
|
|||||
| CVE-2012-6449 | 1 Cpanel | 2 Cpanel, Whm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability.
|
|||||
| CVE-2012-6448 | 1 Cpanel | 1 Webhost Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-6347 | 1 Fortinet | 1 Fortidb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyP ...
Show More |
|||||
| CVE-2012-6346 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.
|
|||||
| CVE-2012-6344 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Novell ZENworks Configuration Management before 11.2.4 allows XSS.
|
|||||
| CVE-2012-6133 | 1 Roundup-tracker | 1 Roundup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
|
|||||
| CVE-2012-5776 | 1 Dokeos | 1 Dokeos | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
|
|||||
| CVE-2012-5558 | 2 Smiley Project, Smileys Project | 2 Smiley, Smileys | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym.
|
|||||
| CVE-2012-5193 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
|
|||||
| CVE-2012-4526 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
|
|||||
| CVE-2012-4525 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
piwigo has XSS in password.php
|
|||||
| CVE-2012-4519 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS.
|
|||||
| CVE-2012-4451 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
|
|||||