Total
38296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0399 | 1 Rsa | 1 Envision | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4264 | 1 Etomite | 1 Etomite | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4547 | 1 Laurent Destailleur | 1 Awstats | 2025-04-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. | |||||
| CVE-2012-5882 | 1 Yahoo | 1 Yui | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208. | |||||
| CVE-2009-4822 | 1 Kasseler-cms | 1 Kasseler Cms | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters. | |||||
| CVE-2011-1396 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component. | |||||
| CVE-2010-0940 | 1 Sanusart | 1 Simple Php Guestbook | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2010-2000 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358. | |||||
| CVE-2010-1074 | 2 2bits, Drupal | 2 Currency, Drupal | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. | |||||
| CVE-2009-4505 | 1 Alkacon | 2 Oamp Comments, Opencms | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors. | |||||
| CVE-2013-4003 | 1 Ibm | 1 Tririga Application Platform | 2025-04-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via (1) unspecified input to WebProcess.srv, (2) unspecified input to html/en/default/actionHandler/queryHandler.jsp, or (3) unspecified input in a portalSectionId action to html/en/default/reportTemplate/hGridTopQuery.jsp. | |||||
| CVE-2010-3447 | 1 Horde | 1 Gollem | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action. | |||||
| CVE-2011-4551 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. | |||||
| CVE-2009-4185 | 1 Hp | 1 System Management Homepage | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter. | |||||
| CVE-2013-7142 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. | |||||
| CVE-2011-0733 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file. | |||||
| CVE-2010-1486 | 1 Cactushop | 1 Cactushop | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address. | |||||
| CVE-2012-2300 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1612 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2022 | 1 Happyworm | 1 Jplayer | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert function in the jQuery parameter. NOTE: these are the same parameters as CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the jQuery parameter. | |||||