Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2770 | 1 Robert Luberda | 1 Man2html | 2011-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages. | |||||
| CVE-2010-5018 | 1 2daybiz | 1 Online Classified Script | 2011-11-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2011-3320 | 1 Ge | 1 Intelligent Platforms Proficy Historian | 2011-11-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2010-5005 | 1 Rayzz | 1 Photoz | 2011-11-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-3998 | 1 Apple | 1 Webobjects | 2011-11-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3986 | 1 Pligg | 1 Pligg Cms | 2011-11-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4277 | 1 Courseforum | 1 Projectforum | 2011-11-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7.0.1.3038 allows remote attackers to inject arbitrary web script or HTML via a crafted name of an object within a more object on a wiki page. | |||||
| CVE-2011-3999 | 1 Ibc.co.jp | 1 Iwate Portal Bar | 2011-11-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed. | |||||
| CVE-2011-2771 | 1 Mahara | 1 Mahara | 2011-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed. | |||||
| CVE-2011-4436 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2011-11-14 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3985 | 1 Plume-cms | 1 Plume Cms | 2011-11-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2673 | 1 E-catchup | 1 Basercms | 2011-11-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-0733 | 1 Adobe | 1 Coldfusion | 2011-11-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file. | |||||
| CVE-2011-0735 | 1 Adobe | 1 Coldfusion | 2011-11-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script." | |||||
| CVE-2011-0734 | 1 Adobe | 1 Coldfusion | 2011-11-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier. | |||||
| CVE-2011-3860 | 2 Onedesigns, Wordpress | 2 Cover Wp, Wordpress | 2011-10-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-1330 | 1 Kbs | 1 Weblygo | 2011-10-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-5086 | 1 Juniper | 1 Idp | 2011-10-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3862 | 2 Adazing, Wordpress | 2 Morning Coffee, Wordpress | 2011-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | |||||
| CVE-2011-3854 | 2 Quirm, Wordpress | 2 Zenlite, Wordpress | 2011-10-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3850 | 2 Bytesforall, Wordpress | 2 Atahualpa, Wordpress | 2011-10-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-0242 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-10-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username. | |||||
| CVE-2011-3254 | 1 Apple | 1 Iphone Os | 2011-10-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. | |||||
| CVE-2011-2947 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 4.3 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document. | |||||
| CVE-2011-3385 | 2 Lepton-cms, Websitebaker2 | 2 Lepton, Websitebaker | 2011-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307. | |||||
| CVE-2011-2133 | 1 Adobe | 2 Robohelp, Robohelp Server | 2011-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js. | |||||
| CVE-2011-3132 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2011-09-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3576 | 1 Ibm | 1 Lotus Domino | 2011-09-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf. | |||||
| CVE-2011-1937 | 1 Webmin | 1 Webmin | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl. | |||||
| CVE-2011-2078 | 1 Inventivetec | 1 Mediacast | 2011-09-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1537 | 1 Hp | 1 Proliant Support Pack | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1542 | 1 Hp | 1 Systems Insight Manager | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1523 | 1 Nagios | 1 Nagios | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. | |||||
| CVE-2011-0892 | 1 Hp | 1 Diagnostics | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2011-0893 | 1 Hp | 1 Operations | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX platforms allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4748 | 1 Pmwiki | 1 Pmwiki | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4749 | 1 Blogcms | 1 Blog\ | 2011-09-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php. | |||||
| CVE-2010-4734 | 1 Amix | 1 Skeletonz Cms 1.0 | 2011-09-22 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-3382 | 1 Phorum | 1 Phorum | 2011-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3384 | 2 Mozilla, Sage-mozdev | 2 Firefox, Sage | 2011-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102. | |||||
| CVE-2005-3511 | 1 Spymac | 1 Spymac Web Os | 2011-09-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in index.php, (2) inspire, (3) system, or (4) title parameter in blog_newentry.php, (5) entry parameter in blog_newentry_comment.php, (6) entry parameter in blog_edit_entry.php, or (7) caldate parameter in blog.php; and (b) the notes module, including the (1) forwardid parameter in a noteform action; (2) del_folder parameter in a delete_folder action; (3) isread, (4) dateorder, (5) subjectorder, (6) curr, (7) fromorder, or (8) action parameters; (9) ppp or (10) totalreplies parameter in an Inbox action; (11) totalnotes parameter; or (12) touserid parameter in a noteform action. | |||||
| CVE-2006-5534 | 1 Zwahlen Informatik | 1 Online Shop | 2011-09-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2005-4658 | 1 Iisworks | 1 Aspknowledgebase | 2011-09-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | |||||
| CVE-2005-4491 | 1 Sitekit Solutions | 1 Sitekit Cms | 2011-09-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. NOTE: the vendor states "This issue was resolved by a minor update to Sitekit CMS v6.6, sanitising the html code and eradicating related security issues." | |||||
| CVE-2005-4485 | 1 Iatek | 1 Projectapp | 2011-09-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp. | |||||
| CVE-2005-4190 | 1 Horde | 1 Horde Application Framework | 2011-09-13 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. | |||||
| CVE-2007-3156 | 1 Webmin | 2 Usermin, Webmin | 2011-09-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1856 | 1 Hp | 1 Business Availability Center | 2011-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1737 | 1 Hp | 1 Palm Webos | 2011-09-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-2788 | 1 Mediawiki | 1 Mediawiki | 2011-09-07 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | |||||