Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0793 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. | |||||
| CVE-2012-5837 | 1 Mozilla | 1 Firefox | 2017-09-19 | 6.8 MEDIUM | N/A |
| The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. | |||||
| CVE-2012-2889 | 2 Apple, Google | 2 Iphone Os, Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." | |||||
| CVE-2012-1956 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. | |||||
| CVE-2012-0446 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. | |||||
| CVE-2011-3648 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | |||||
| CVE-2011-2369 | 1 Mozilla | 1 Firefox | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. | |||||
| CVE-2010-2768 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. | |||||
| CVE-2010-2763 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. | |||||
| CVE-2010-3770 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering. | |||||
| CVE-2010-2769 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. | |||||
| CVE-2010-3177 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. | |||||
| CVE-2010-4047 | 1 Opera | 1 Opera Browser | 2017-09-19 | 4.3 MEDIUM | N/A |
| Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. | |||||
| CVE-2009-4713 | 1 Alexandre Amaral | 1 Xoops Celepar | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php. | |||||
| CVE-2010-1137 | 1 Vmware | 3 Esx Server, Server, Virtualcenter | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine. | |||||
| CVE-2010-0544 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL. | |||||
| CVE-2010-1389 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. | |||||
| CVE-2009-4699 | 1 Skadate | 1 Skadate Online Dating Software | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php. | |||||
| CVE-2009-4697 | 1 Radscripts | 1 Radnics | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action. | |||||
| CVE-2009-4682 | 1 Scriptsez | 1 Good\/bad Vote | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action. | |||||
| CVE-2009-4729 | 1 X10media | 1 Adult Script | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php. | |||||
| CVE-2010-1418 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces. | |||||
| CVE-2010-1236 | 2 Flock, Google | 2 Flock, Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence. | |||||
| CVE-2010-0170 | 1 Mozilla | 1 Firefox | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. | |||||
| CVE-2010-1504 | 1 Google | 1 Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI. | |||||
| CVE-2010-1503 | 1 Google | 1 Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI. | |||||
| CVE-2010-1197 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. | |||||
| CVE-2009-4616 | 1 Myrephp | 1 Myre Holiday Rental Manager | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter. | |||||
| CVE-2009-4681 | 1 Phpdirectorysource | 1 Phpdirectorysource | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter. | |||||
| CVE-2010-1143 | 1 Vmware | 1 View Manager | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1395 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue." | |||||
| CVE-2009-4692 | 1 Radscripts | 1 Radlance | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action. | |||||
| CVE-2010-1778 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | |||||
| CVE-2010-0162 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | |||||
| CVE-2010-1762 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element. | |||||
| CVE-2010-1390 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. | |||||
| CVE-2009-4984 | 1 Websitesrus | 1 Accessories Me Php Affiliate Script | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php. | |||||
| CVE-2010-1394 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. | |||||
| CVE-2009-2330 | 1 Cms.tut.su | 1 Cms Chainuk | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter. | |||||
| CVE-2009-4478 | 1 Xstate | 1 Real Estate | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2) lands.html. | |||||
| CVE-2009-3155 | 2 Almondsoft, Joomla | 2 Com Aclassf, Joomla | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter. | |||||
| CVE-2009-3016 | 1 Apple | 1 Safari | 2017-09-19 | 4.3 MEDIUM | N/A |
| Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | |||||
| CVE-2009-3171 | 1 Anantasoft | 1 Gazelle Cms | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php. | |||||
| CVE-2009-2820 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-09-19 | 4.3 MEDIUM | N/A |
| The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. | |||||
| CVE-2009-3719 | 1 Davethewebguy | 1 Battle Blog | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment. | |||||
| CVE-2009-3714 | 1 Maniacomputer | 1 Mcshoutbox | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter. | |||||
| CVE-2009-3247 | 1 Vtiger | 1 Vtiger Crm | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3. | |||||
| CVE-2009-2219 | 1 David Degner | 1 Phpcollegeexchange | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/. | |||||
| CVE-2009-2228 | 1 Kasseler-cms | 1 Kasseler Cms | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action. | |||||
| CVE-2009-3562 | 1 Xerver | 1 Xerver | 2017-09-19 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action. | |||||