Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1293 | 1 Ulli Horlacher | 1 Fex | 2012-10-29 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters. | |||||
CVE-2012-0327 | 1 Redmine | 1 Redmine | 2012-10-29 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2578 | 1 Smartertools | 1 Smartermail | 2012-10-25 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document. | |||||
CVE-2012-2586 | 1 Mailtraq | 1 Mailtraq | 2012-10-25 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element. | |||||
CVE-2007-5683 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-23 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php. | |||||
CVE-2006-6162 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-23 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-6163 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-23 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. | |||||
CVE-2011-4551 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-23 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. | |||||
CVE-2005-3283 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-23 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2008-1047 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-23 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-5961 | 1 Tribiq | 1 Tribiq Cms | 2012-10-23 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2010-4827 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2012-10-23 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2005-4247 | 1 Plogger | 1 Plogger | 2012-10-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | |||||
CVE-2006-4755 | 1 Accomplishtechnology | 1 Phpmydirectory | 2012-10-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2012-0974 | 1 Juan Ramon | 1 Osclass | 2012-10-14 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php. | |||||
CVE-2011-5193 | 2 Phpace, Wordpress | 2 Samswhois, Wordpress | 2012-10-14 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194. | |||||
CVE-2012-1627 | 2 Drupal, Marvil07 | 2 Drupal, Vote Up Down | 2012-10-14 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. | |||||
CVE-2010-0636 | 1 K5n | 1 Webcalendar | 2012-10-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-4667 | 1 Darold | 1 Squidclamav | 2012-10-11 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.de_DE, (c) clwarn.cgi.en_EN, (d) clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in cgi-bin/. | |||||
CVE-2012-4342 | 1 Menalto | 1 Gallery | 2012-10-08 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |