Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1215 | 1 Yoono | 1 Yoono For Firefox | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. | |||||
| CVE-2012-1217 | 1 Simhl | 1 Sths V2 Web Portal | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php. | |||||
| CVE-2012-1219 | 1 Freelancerkit | 1 Freelancerkit | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ticket parameter to tickets.php, (2) title parameter to notes.php, or (3) task parameter to todo.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1296 | 1 Elefantcms | 1 Elefantcms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview. | |||||
| CVE-2012-1659 | 2 Ariel Barreiro, Drupal | 2 Noderecommendation, Drupal | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1660 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2017-08-29 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios. | |||||
| CVE-2012-1417 | 1 Yealink | 14 Gigabit Color Ip Phone Sip-t32g, Gigabit Color Ip Phone Sip-t38g, Ip Phone Sip-t19p and 11 more | 2017-08-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. | |||||
| CVE-2012-1503 | 1 Sixapart | 1 Movable Type | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section. | |||||
| CVE-2012-1507 | 1 Orangehrm | 1 Orangehrm | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php. | |||||
| CVE-2012-1639 | 2 Commerceguys, Drupal | 2 Commerce, Drupal | 2017-08-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. | |||||
| CVE-2012-1556 | 1 Synology | 2 Diskstation Manager, Synology Photo Station | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. | |||||
| CVE-2012-1561 | 1 Danielb | 1 Finder | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities." | |||||
| CVE-2012-1640 | 2 Alquimia, Drupal | 2 Managesite, Drupal | 2017-08-29 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category. | |||||
| CVE-2012-1564 | 1 Yuriy V Semenikhin | 1 Yvs Image Gallery | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1582 | 1 Mediawiki | 1 Mediawiki | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension. | |||||
| CVE-2012-1646 | 1 Drupal | 1 Faq | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module. | |||||
| CVE-2012-1647 | 2 Drupal, Mediafront | 2 Drupal, Mediafront | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION. | |||||
| CVE-2012-1648 | 2 Danielb, Drupal | 2 Cool Aid, Drupal | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1652 | 3 Drupal, Wim Leers, Wimleers | 3 Drupal, Hierarchical Select, Hierarchical Select | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text." | |||||
| CVE-2012-1653 | 2 Collectivecolors, Drupal | 2 Taxonomy View Integrator Module, Drupal | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages." | |||||
| CVE-2012-1624 | 2 Drupal, Lingotek | 2 Drupal, Lingotek | 2017-08-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content. | |||||
| CVE-2012-1628 | 2 63reasons, Drupal | 2 Supercron, Drupal | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1657 | 2 Drupal, Fourkitchens | 2 Drupal, Block Class | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. | |||||
| CVE-2012-1658 | 2 Drupal, Fourkitchens | 2 Drupal, Ed Readmore | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1629 | 2 Dmitry Loac, Drupal | 2 Taxotouch, Drupal | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1630 | 2 Drupal, Nestor Mata Cuthbert | 2 Drupal, Taxonomy Navigator | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1634 | 2 Drupal, Hans Nilsson | 2 Drupal, Video Filter | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links. | |||||
| CVE-2012-1781 | 1 Socialcms | 1 Socialcms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ajax/commentajax.php in SocialCMS 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) TREF_email_address or (2) TR_name parameters. | |||||
| CVE-2012-1789 | 1 Tskynet | 1 Kongreg8 | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) surname or (2) firstname parameters to modules/members/addmember.php; or (3) groupdescription or (4) groupname parameters to modules/groups/addgroupform.php. | |||||
| CVE-2012-1834 | 1 Cms Tree Page View Project | 1 Cms Tree Page View | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php. | |||||
| CVE-2012-1899 | 1 Nikola Posa | 1 Webfoliocms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name, (2) Last name or (3) Email (required) fields. | |||||
| CVE-2012-1935 | 1 Sourcefabric | 1 Newscoop | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php. | |||||
| CVE-2012-1912 | 1 Chatelao | 1 Php Address Book | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566. | |||||
| CVE-2012-1979 | 1 Syndeocms | 1 Syndeocms | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action. | |||||
| CVE-2012-1982 | 1 Socialcms | 1 Socialcms | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action. | |||||
| CVE-2012-2066 | 2 Ckeditor, Drupal | 3 Ckeditor, Fckeditor, Drupal | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2059 | 2 Drupal, Steve Lockwood | 2 Drupal, Ticketyboo News Ticker | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2060 | 2 Drupal, Nijskens Raf | 2 Drupal, Admintools | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2068 | 2 Drupal, Tiger-fish | 2 Drupal, Fancy Slide | 2017-08-29 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter. | |||||
| CVE-2012-2070 | 2 Andrew Levine, Drupal | 2 Multiblock, Drupal | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title. | |||||
| CVE-2012-2071 | 2 Drupal, Geoff Davies | 2 Drupal, Contact Forms | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2072 | 2 Drupal, Patrick Przybilla | 2 Drupal, Addtoany | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2075 | 2 Drupal, Steindom | 2 Drupal, Contact Save | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2076 | 2 Drupal, Rob Loach | 2 Drupal, Sharethis | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2082 | 1 Chaos Tool Suite Project | 1 Ctools | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature. | |||||
| CVE-2012-2084 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO. | |||||
| CVE-2012-2094 | 1 Openstack | 1 Horizon | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. | |||||
| CVE-2012-2099 | 1 Wikidforum | 1 Wikidforum | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search. | |||||
| CVE-2012-2112 | 1 Typo3 | 1 Typo3 | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages. | |||||
| CVE-2012-2117 | 2 Drupal, Yaniv Aran-shamir | 2 Drupal, Gigya | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||