Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0707 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.
|
|||||
| CVE-2013-7129 | 1 Themebeans | 1 Blooog Theme | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf.
|
|||||
| CVE-2011-4564 | 1 Activedev | 1 Active Cms | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action.
|
|||||
| CVE-2012-0047 | 1 Apache | 1 Wicket | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
|
|||||
| CVE-2013-4460 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
|
|||||
| CVE-2011-3393 | 1 Myrephp | 1 Myre Real Estate Software | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter.
|
|||||
| CVE-2011-2509 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a ...
Show More |
|||||
| CVE-2011-4552 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature.
|
|||||
| CVE-2012-5315 | 1 Php Ireport Project | 1 Php Ireport | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php.
|
|||||
| CVE-2013-5402 | 1 Ibm | 12 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 9 more | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, ...
Show More |
|||||
| CVE-2009-4944 | 1 Atutor | 1 Acollab | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-2543 | 1 Cacti | 1 Cacti | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
|
|||||
| CVE-2012-2995 | 1 Trendmicro | 1 Interscan Messaging Security Suite | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.
|
|||||
| CVE-2010-2433 | 1 Ibm | 1 Websphere Ilog Jrules | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/.
|
|||||
| CVE-2013-6804 | 1 Jamroom | 1 Search Module | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4.
|
|||||
| CVE-2012-1652 | 3 Drupal, Wim Leers, Wimleers | 3 Drupal, Hierarchical Select, Hierarchical Select | 2025-04-11 | 2.1 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."
|
|||||
| CVE-2013-3719 | 2 Algisinfo, Joomla | 2 Aicontactsafe, Joomla\! | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-4978 | 1 Nicholas Berry | 1 Candid | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter.
|
|||||
| CVE-2009-4866 | 1 Matt Wright | 1 Simple Search | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-4142 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
|
|||||
| CVE-2013-1012 | 1 Apple | 1 Safari | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
|
|||||
| CVE-2010-0716 | 1 Microsoft | 1 Sharepoint Server | 2025-04-11 | 3.5 LOW | N/A |
|
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be impl ...
Show More |
|||||
| CVE-2012-2129 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.
|
|||||
| CVE-2013-5438 | 1 Ibm | 1 Flex System Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-3931 | 1 Rocomotion | 10 P Board, P Diary R, P Forum and 7 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2013-3166 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015.
|
|||||
| CVE-2013-1070 | 1 Ubuntu | 1 Metal As A Service | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.
|
|||||
| CVE-2010-1647 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.
|
|||||
| CVE-2011-1066 | 2 Drupal, Reyero | 2 Drupal, Messaging | 2025-04-11 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-1362 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308.
|
|||||
| CVE-2012-5531 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-0936 | 1 D-link | 1 Dkvm-ip8 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
|
|||||
| CVE-2010-2715 | 1 Tcwonline | 1 Tcw Php Album | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
|
|||||
| CVE-2010-0468 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
|||||
| CVE-2010-4516 | 2 Joomla, Jxtended | 2 Joomla\!, Jxtended Comments | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-4023 | 1 Hp | 1 Insight Control Power Management | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-5837 | 1 Mozilla | 1 Firefox | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
|
|||||
| CVE-2011-4346 | 1 Redhat | 2 Enterprise Linux, Satellite | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.
|
|||||
| CVE-2011-0439 | 1 Mahara | 1 Mahara | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.
|
|||||
| CVE-2012-5175 | 1 Kent-web | 1 Access Report | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to access-log data.
|
|||||