Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0779 | 1 Xmb Forum | 1 Xmb | 2021-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. | |||||
| CVE-2007-0519 | 1 Xmb Software | 1 U2u Instant Messenger | 2021-04-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field. | |||||
| CVE-2008-6495 | 1 Zirkon Box | 1 Yappa-ng | 2021-04-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | |||||
| CVE-2008-1133 | 1 Drupal | 1 Drupal | 2021-04-20 | 4.3 MEDIUM | N/A |
| The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2008-3218 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2021-04-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values. | |||||
| CVE-2007-0136 | 1 Drupal | 1 Drupal | 2021-04-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-5569 | 3 Basic Webmail Project, Drupal, Jason Flatt | 3 Basic Webmail, Drupal, Basic Webmail | 2021-04-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message. | |||||
| CVE-2008-3219 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2021-04-15 | 4.3 MEDIUM | N/A |
| The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism. | |||||
| CVE-2012-0428 | 1 Microfocus | 1 Edirectory | 2021-04-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5968 | 2 Broadcom, Ca | 2 Siteminder, Web Agents | 2021-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character. | |||||
| CVE-2015-2827 | 1 Broadcom | 1 Spectrum | 2021-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8247 | 1 Broadcom | 1 Release Automation | 2021-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4119 | 2 Broadcom, Ca | 2 Service Desk, Cmdb | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms." | |||||
| CVE-2013-2630 | 1 Broadcom | 1 Service Desk Manager | 2021-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2007-5472 | 1 Broadcom | 1 Host-based Intrusion Prevention System | 2021-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer. | |||||
| CVE-2007-6406 | 1 Broadcom | 1 Etrust Threat Management Console | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields. | |||||
| CVE-2014-5216 | 1 Microfocus | 1 Access Manager | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412. | |||||
| CVE-2014-9412 | 1 Microfocus | 1 Access Manager | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216. | |||||
| CVE-2007-5923 | 1 Broadcom | 1 Etrust Siteminder | 2021-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204. | |||||
| CVE-2015-2944 | 1 Apache | 2 Sling Api, Sling Servlets Post | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. | |||||
| CVE-2012-1254 | 1 Segue Project | 1 Segue | 2021-04-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3983 | 1 Kent-web | 1 Web Forum | 2021-03-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies. | |||||
| CVE-2014-3786 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/. | |||||
| CVE-2014-8578 | 1 Openstack | 1 Horizon | 2021-03-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. | |||||
| CVE-2014-3594 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2021-03-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name. | |||||
| CVE-2014-3475 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2021-03-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. | |||||
| CVE-2014-3474 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2021-03-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. | |||||
| CVE-2014-3473 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2021-03-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. | |||||
| CVE-2013-6858 | 3 Canonical, Openstack, Opensuse | 3 Ubuntu Linux, Horizon, Opensuse | 2021-03-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page. | |||||
| CVE-2009-5031 | 2 Opensuse, Trustwave | 2 Opensuse, Modsecurity | 2021-02-12 | 4.3 MEDIUM | N/A |
| ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. | |||||
| CVE-2010-3906 | 2 Git, Git-scm | 2 Git, Git | 2021-01-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. | |||||
| CVE-2014-9272 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2021-01-12 | 4.3 MEDIUM | N/A |
| The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol. | |||||
| CVE-2014-9270 | 1 Mantisbt | 1 Mantisbt | 2021-01-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field. | |||||
| CVE-2014-9269 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2021-01-12 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie. | |||||
| CVE-2013-4460 | 1 Mantisbt | 1 Mantisbt | 2021-01-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | |||||
| CVE-2010-1330 | 1 Jruby | 1 Jruby | 2021-01-12 | 4.3 MEDIUM | N/A |
| The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. | |||||
| CVE-2015-3174 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
| mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading. | |||||
| CVE-2015-0212 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary. | |||||
| CVE-2014-9059 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
| lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts. | |||||
| CVE-2014-3551 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric. | |||||
| CVE-2014-3550 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task. | |||||
| CVE-2015-3178 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services. | |||||
| CVE-2014-3549 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt. | |||||
| CVE-2014-3547 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge. | |||||
| CVE-2014-3544 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. | |||||
| CVE-2014-7830 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter. | |||||
| CVE-2015-2273 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response. | |||||
| CVE-2014-3548 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog. | |||||
| CVE-2015-2269 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element. | |||||
| CVE-2014-7835 | 1 Moodle | 1 Moodle | 2020-12-01 | 2.1 LOW | N/A |
| webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area. | |||||