Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4848 | 1 Axscripts | 1 Axslinks | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter.
|
|||||
| CVE-2012-1956 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
|
|||||
| CVE-2012-4972 | 1 Layton Technology | 1 Helpbox | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalation, or (8) usr_Additional_Resources parameter to writesolutionuser.asp or the (9) sys_solution_id parameter to deletesolution.asp.
|
|||||
| CVE-2012-2446 | 1 Netsweeper | 1 Netsweeper | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action.
|
|||||
| CVE-2010-2914 | 1 Nessus | 2 Nessus, Web Server Plugin | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-1885 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/.
|
|||||
| CVE-2012-1006 | 1 Apache | 1 Struts | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
|
|||||
| CVE-2012-4667 | 1 Darold | 1 Squidclamav | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.de_DE, (c) clwarn.cgi.en_EN, (d) clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in cgi-bin/.
|
|||||
| CVE-2012-2920 | 2 User Photo, Wordpress | 2 User Photo, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-2321 | 2 Hp, Microsoft | 2 Service Manager Web Tier, Windows | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-0177 | 1 Apache | 1 Ofbiz | 2025-04-11 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.
|
|||||
| CVE-2012-3835 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
|
|||||
| CVE-2011-2023 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.
|
|||||
| CVE-2010-1606 | 1 Ncrypted | 1 Nct Jobs Portal Script | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.
|
|||||
| CVE-2010-1023 | 1 Taskcenter Recent Project | 1 Taskcenter Recent | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-4453 | 1 Ldap-account-manager | 1 Ldap Account Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.
|
|||||
| CVE-2013-7257 | 1 Codiad | 1 Codiad | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field.
|
|||||
| CVE-2010-0349 | 1 C-3.co.jp | 1 Webcalenderc3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable.
|
|||||
| CVE-2010-0695 | 1 Basic-cms | 1 Basic-cms | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.
|
|||||
| CVE-2013-4705 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.
|
|||||
| CVE-2012-0903 | 1 Vmware | 1 Zimbra Desktop | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name.
|
|||||
| CVE-2013-2177 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Display Suite | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.
|
|||||
| CVE-2011-1533 | 1 Hp | 7 Envy 100 D410, Photosmart B110, Photosmart D110 and 4 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-1737 | 1 Hp | 1 Palm Webos | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-3859 | 2 Themehybrid, Wordpress | 2 Trending, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
|
|||||
| CVE-2013-4939 | 2 Moodle, Yahoo | 2 Moodle, Yui | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
|
|||||
| CVE-2010-4208 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
|
|||||
| CVE-2013-5501 | 1 Cisco | 1 Mediasense | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328.
|
|||||
| CVE-2013-4447 | 1 Md-systems | 1 Simplenews | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address.
|
|||||
| CVE-2013-5706 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and (1) crafted event attributes or (2) > (greater than) characters that are optional within a browser's HTML implementation, a different issue than CVE-2013-3603.
|
|||||
| CVE-2010-4522 | 1 Mybb | 1 Mybb | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.
|
|||||
| CVE-2012-3848 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
|
|||||
| CVE-2011-2743 | 1 Chyrp | 1 Chyrp | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php.
|
|||||
| CVE-2012-4340 | 1 Sybase | 1 Easerver | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4829 | 3 Drupal, James Glasgow, John Vandervort | 3 Drupal, Autologout, Autologout | 2025-04-11 | 2.1 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-2479 | 2 Htmlpurifier, Mahara | 2 Htmlpurifier, Mahara | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-6463 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.
|
|||||
| CVE-2010-4355 | 1 Dadabik | 1 Dadabik | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter.
|
|||||
| CVE-2012-1779 | 1 Idevspot | 1 Idev-businessdirectory | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php.
|
|||||
| CVE-2012-2604 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2025-04-11 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
|
|||||