Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2570 | 1 Qualiteam | 1 X-cart | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter. | |||||
CVE-2012-2935 | 1 Oscommerce | 1 Online Merchant | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059. | |||||
CVE-2012-2918 | 1 Chevereto | 1 Chevereto | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. | |||||
CVE-2012-3233 | 1 Kayako | 1 Fusion | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
CVE-2012-0989 | 1 Oneorzero | 1 Action And Information Management System | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | |||||
CVE-2011-4562 | 2 John Godley, Wordpress | 2 Redirection Plugin, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. | |||||
CVE-2011-3294 | 1 Cisco | 2 Telepresence Video Communication Servers, Telepresence Video Communication Servers Software | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342. | |||||
CVE-2011-5048 | 1 Ibm | 1 Web Experience Factory | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo. | |||||
CVE-2011-5029 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php. | |||||
CVE-2011-5019 | 1 Textpattern | 1 Textpattern | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter. | |||||
CVE-2012-0389 | 1 Mailenable | 1 Mailenable | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter. | |||||
CVE-2011-5221 | 1 Websvn | 1 Websvn | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php. | |||||
CVE-2011-5209 | 1 Cloneforest | 1 Graphicsclone Script | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter. | |||||
CVE-2011-5206 | 1 Rapidleech | 1 Rapidleech | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter. | |||||
CVE-2011-5070 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php. | |||||
CVE-2011-5108 | 1 Adaptcms | 1 Adaptcms | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-5187 | 2 Drupal, Tag1consulting | 2 Drupal, Support | 2017-08-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-5030 | 2 Drupal, Valthbald | 2 Drupal, Meta Tags Quick | 2017-08-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles." | |||||
CVE-2012-0203 | 1 Ibm | 2 Infosphere Information Server, Infosphere Metadata Workbench | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-3243 | 1 Apple | 2 Iphone Os, Safari | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. |