Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5229 1 Wordpress 2 Slideshow Gallery2, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter.
CVE-2012-5228 1 Tincan 1 Phplist 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-5232 2 Joomla, Mediafire 2 Joomla\!, Mod Quick Form 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5164 1 Fork-cms 1 Fork Cms 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.
CVE-2012-4018 1 Finalbeta 1 Mywebsearch 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
CVE-2012-3835 1 Alienvault 1 Open Source Security Information Management 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
CVE-2012-3840 1 Myclientbase 1 Myclientbase 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
CVE-2012-4955 1 Dell 1 Openmanage Server Administrator 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4938 1 Patterninsight 1 Pattern Insight 2017-08-28 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message.
CVE-2012-4972 1 Layton Technology 1 Helpbox 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalation, or (8) usr_Additional_Resources parameter to writesolutionuser.asp or the (9) sys_solution_id parameter to deletesolution.asp.
CVE-2012-5169 1 Atutor 1 Acontent 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.
CVE-2012-5050 1 Vmware 1 Vcenter Operations 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5103 1 Dnelubin 1 Gelinsguestbook 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message parameter.
CVE-2012-4998 1 Starcms 1 Starcms 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2012-4995 1 Limesurvey 1 Limesurvey 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party information.
CVE-2012-4950 1 Patterninsight 1 Pattern Insight 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of error messages.
CVE-2012-5102 1 Dariusz Handzlik 1 Vertrigoserv 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter.
CVE-2012-5099 1 Phpb2b 1 Phpb2b 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
CVE-2012-5105 1 Sqlitemanager 1 Sqlitemanager 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.
CVE-2012-5163 1 Osclass 1 Osclass 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.