Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2330 | 1 Uninet | 1 Statsplus | 2010-08-29 | 5.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers. | |||||
| CVE-2007-5227 | 1 Blackboard | 1 Blackboard Learning And Community Post Systems | 2010-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. NOTE: vector 2 requires bypassing a client-side security mechanism that attempts to block XSS sequences. | |||||
| CVE-2009-4994 | 1 Smartertools | 1 Smartertrack | 2010-08-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2009-4995 | 1 Smartertools | 1 Smartertrack | 2010-08-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4980 | 1 Keil-software | 1 Photokorn Gallery | 2010-08-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php. | |||||
| CVE-2009-4983 | 1 Snowhall | 1 Silurus System | 2010-08-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php. | |||||
| CVE-2009-4989 | 1 Ajsquare | 1 Aj Auction Pro-oopd | 2010-08-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action. | |||||
| CVE-2009-4990 | 2 Drupal, Jrbcs | 2 Drupal, Webform Report | 2010-08-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission. | |||||
| CVE-2009-4991 | 1 Omnistaretools | 1 Omnistar Recruiting | 2010-08-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter. | |||||
| CVE-2010-2988 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2010-08-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333. | |||||
| CVE-2010-2987 | 1 Cisco | 2 Unified Wireless Network Solution Software, Wireless Control System Software | 2010-08-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854. | |||||
| CVE-2010-2985 | 1 Ibm | 1 Websphere Service Registry And Repository | 2010-08-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do. | |||||
| CVE-2010-2487 | 1 Moinmo | 1 Moinmoin | 2010-08-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py. | |||||
| CVE-2010-2969 | 1 Moinmo | 1 Moinmoin | 2010-08-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487. | |||||
| CVE-2010-2970 | 1 Moinmo | 1 Moinmoin | 2010-08-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487. | |||||
| CVE-2010-1647 | 1 Mediawiki | 1 Mediawiki | 2010-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer. | |||||
| CVE-2009-4963 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2010-07-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4972 | 1 Kelvin Mo | 1 Simpleid | 2010-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2010-2854 | 1 Jared Meeker | 1 Event Horizon | 2010-07-25 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4948 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2010-07-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||