Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4662 | 1 Pmwiki | 1 Pmwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PmWiki before 2.2.21 has XSS.
|
|||||
| CVE-2010-4659 | 1 Status | 1 Statusnet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
|
|||||
| CVE-2010-4264 | 1 Vanillaforums | 1 Vanilla Forums | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Vanilla Forums before 2.0.10 has a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
|
|||||
| CVE-2010-4245 | 1 Translatehouse | 1 Pootle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
pootle 2.0.5 has XSS via 'match_names' parameter
|
|||||
| CVE-2010-4240 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Tiki Wiki CMS Groupware 5.2 has XSS
|
|||||
| CVE-2010-3857 | 1 Redhat | 1 Jboss Business Rules Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
JBoss BRMS before 5.1.0 has an XSS vulnerability via asset=UUID parameter.
|
|||||
| CVE-2010-3674 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
TYPO3 before 4.4.1 allows XSS in the frontend search box.
|
|||||
| CVE-2010-3672 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
|
|||||
| CVE-2010-3669 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
|
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
|
|||||
| CVE-2010-3665 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
|
|||||
| CVE-2010-3660 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
|
|||||
| CVE-2010-2472 | 1 Drupal | 1 Drupal | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
|
|||||
| CVE-2010-2250 | 1 Drupal | 1 Drupal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
|
|||||
| CVE-2010-1673 | 1 Ikiwiki | 1 Ikiwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
|
|||||
| CVE-2010-10010 | 1 Psychostats | 1 Psychostats | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The identifier of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was ass ...
|
|||||
| CVE-2010-10008 | 1 Simplesamlphp | 1 Simplesamlphp-module-openidprovider | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The identifier of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It ...
|
|||||
| CVE-2010-10004 | 1 Simplesamlphp | 1 Information Cards Module | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability.
|
|||||
| CVE-2010-10002 | 1 Simplesamlphp | 1 Simplesamlphp-module-openid | 2024-11-21 | 2.6 LOW | 3.1 LOW |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0 is able to address this issue. T ...
|
|||||
| CVE-2009-5159 | 2 Invisioncommunity, Microsoft | 2 Invision Power Board, Internet Explorer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
|
|||||
| CVE-2009-5049 | 2 Debian, Mortbay | 2 Debian Linux, Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
WebApp JSP Snoop page XSS in jetty through 6.1.21.
|
|||||
| CVE-2009-5048 | 1 Mortbay | 1 Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20.
|
|||||
| CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
|
|||||
| CVE-2009-4900 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
pixelpost 1.7.1 has XSS
|
|||||
| CVE-2009-3724 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.
|
|||||
| CVE-2009-2802 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.
|
|||||
| CVE-2009-10004 | 1 Sandbox Theme Project | 1 Sandbox Theme | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The identifier of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-22535 ...
|
|||||
| CVE-2009-10003 | 1 Wordcraft Project | 1 Wordcraft | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The patch is identified as be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vuln ...
|
|||||
| CVE-2009-10002 | 1 Fittr Flickr Project | 1 Fittr Flickr | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability.
|
|||||
| CVE-2009-10001 | 1 Cool-php-captcha Project | 1 Cool-php-captcha | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27 ...
|
|||||
| CVE-2008-7321 | 1 Tubepress | 1 Tubepress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The tubepress plugin before 1.6.5 for WordPress has XSS.
|
|||||
| CVE-2008-10002 | 1 Ajaxlife Project | 1 Ajaxlife | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2008-10001 | 1 Pro2col | 1 Stingray Fts | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2006-10001 | 1 Markjaquith | 1 Subscribe To Comments | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The identifier of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was ...
|
|||||
| CVE-2005-2350 | 1 Websieve Project | 1 Websieve | 2024-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface.
|
|||||
| CVE-2003-5003 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-20 | 4.3 MEDIUM | 5.0 MEDIUM |
|
A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2024-20525 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of th ...
|
|||||
| CVE-2024-20530 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of th ...
|
|||||
| CVE-2024-41678 | 1 Glpi-project | 1 Glpi | 2024-11-20 | N/A | 6.1 MEDIUM |
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
|
|||||
| CVE-2024-43417 | 1 Glpi-project | 1 Glpi | 2024-11-20 | N/A | 6.1 MEDIUM |
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17.
|
|||||
| CVE-2024-43418 | 1 Glpi-project | 1 Glpi | 2024-11-20 | N/A | 6.1 MEDIUM |
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
|
|||||