Total
38263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7141 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags. | |||||
| CVE-2012-5913 | 2 Wordpress, Wordpress Integrator Project | 2 Wordpress, Wordpress Integrator | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. | |||||
| CVE-2012-4612 | 1 Emc | 2 Rsa Data Protection Manager Appliance, Rsa Data Protection Manager Software Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2298 | 2 Drupal, Nancy Wichmann | 3 Drupal, Realname, Realname | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks." | |||||
| CVE-2012-3871 | 1 Openconstructor Project | 1 Openconstructor | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. | |||||
| CVE-2012-0976 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6029 | 1 Cisco | 1 Nac Appliance | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109. | |||||
| CVE-2012-6517 | 1 Diy-cms | 1 Diy-cms | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php. | |||||
| CVE-2010-3854 | 1 Apache | 1 Couchdb | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5417 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data. | |||||
| CVE-2013-4065 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP. | |||||
| CVE-2011-5193 | 2 Phpace, Wordpress | 2 Samswhois, Wordpress | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194. | |||||
| CVE-2013-3999 | 1 Ibm | 1 Social Media Analytics | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4647 | 1 Accellion | 1 Secure File Transfer Appliance | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs. | |||||
| CVE-2010-4358 | 1 Mrcgiguy | 1 Guestbook | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters. | |||||
| CVE-2013-4274 | 2 Drupal, Erikwebb | 2 Drupal, Password Policy | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. | |||||
| CVE-2011-1716 | 1 Xymon | 1 Xymon | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4484 | 2 Drupal, Trexart | 2 Drupal, Campaignmonitor | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site). | |||||
| CVE-2011-1332 | 1 Cybozu | 1 Garoon | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570. | |||||
| CVE-2010-2043 | 1 Magnoware | 1 Datatrack System | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka the request summary). NOTE: some of these details are obtained from third party information. | |||||