Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1371 | 1 Preprojects | 1 Pre Classified Listings Asp | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter.
|
|||||
| CVE-2010-4111 | 3 Hp, Linux, Microsoft | 3 Insight Diagnostics, Linux Kernel, Windows | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-6082 | 1 Moinmo | 1 Moinmoin | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
|
|||||
| CVE-2010-3201 | 1 Netwin | 1 Surgemail | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
|
|||||
| CVE-2013-1471 | 1 Fortinet | 6 Fortimail, Fortimail-2000b, Fortimail-200d and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
|
|||||
| CVE-2010-3294 | 1 Pecl-php | 1 Alternative Php Cache | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-4272 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest".
|
|||||
| CVE-2010-3797 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-5841 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
|
|||||
| CVE-2013-6991 | 2 Wokamoto, Wordpress | 2 Wp-cron Dashboard, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php.
|
|||||
| CVE-2012-1646 | 1 Drupal | 1 Faq | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module.
|
|||||
| CVE-2012-1113 | 2 Maian, Menalto | 2 Gallery, Gallery | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-3695 | 1 Horde | 2 Groupware, Imp | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
|
|||||
| CVE-2011-4335 | 1 Contao | 1 Contao Cms | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
|
|||||
| CVE-2010-2158 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2025-04-11 | 2.1 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2012-4268 | 2 Ait-pro, Wordpress | 2 Bulletproof-security, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header.
|
|||||
| CVE-2010-0778 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-2636 | 1 Kent-web | 1 Web Patio | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4852 | 1 Festic | 1 Semanticscuttle | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-3805 | 1 Kajona | 1 Kajona | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe p ...
Show More |
|||||
| CVE-2011-1894 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
|
|||||
| CVE-2013-4940 | 2 Moodle, Yahoo | 2 Moodle, Yui | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.
|
|||||
| CVE-2013-6956 | 1 Juniper | 1 Ive Os | 2025-04-11 | 2.1 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-4003 | 1 Glpi-project | 1 Glpi | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2012-5762 | 1 Ibm | 1 Netezza | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vectors involving the MHTML protocol.
|
|||||
| CVE-2011-5220 | 1 Cristopher Shi | 1 Php-scms | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php.
|
|||||
| CVE-2012-6458 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.
|
|||||
| CVE-2012-2364 | 1 Moodle | 1 Moodle | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.
|
|||||
| CVE-2012-4207 | 6 Canonical, Debian, Mozilla and 3 more | 14 Ubuntu Linux, Debian Linux, Firefox and 11 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
|
|||||
| CVE-2010-3274 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
|
|||||
| CVE-2014-0812 | 2 Kent-web, Microsoft | 2 Joyful Note, Internet Explorer | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-4819 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.
|
|||||
| CVE-2012-5233 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2025-04-11 | 2.1 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs.
|
|||||
| CVE-2013-4117 | 2 Anshul Sharma, Wordpress | 2 Category-grid-view-gallery, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
|
|||||
| CVE-2012-3396 | 1 Moodle | 1 Moodle | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.
|
|||||
| CVE-2011-3385 | 2 Lepton-cms, Websitebaker2 | 2 Lepton, Websitebaker | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307.
|
|||||
| CVE-2011-1953 | 1 Postrev | 1 Post Revolution | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element.
|
|||||
| CVE-2012-2365 | 1 Moodle | 1 Moodle | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.
|
|||||
| CVE-2011-3392 | 1 Phorum | 1 Phorum | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
|
|||||
| CVE-2013-4378 | 1 Emeric Vernat | 1 Javamelody | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.
|
|||||