Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5282 | 1 Opentext | 1 Livelink Ecm | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html. | |||||
| CVE-2010-4823 | 1 Silverstripe | 1 Silverstripe | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions." | |||||
| CVE-2010-4821 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | |||||
| CVE-2010-4813 | 2 Category Tokens Project, Drupal | 2 Category Tokens, Drupal | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help. | |||||
| CVE-2011-2172 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4811 | 1 6kbbs | 1 6kbbs | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action. | |||||
| CVE-2010-5192 | 1 Bluecoat | 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2179 | 2 Icinga, Nagios | 2 Icinga, Nagios | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action. | |||||
| CVE-2010-5050 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-2226 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing. | |||||
| CVE-2011-2400 | 1 Hp | 1 Sitescope | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4960 | 2 Martin Hesse, Typo3 | 2 Mh Branchenbuch, Typo3 | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-5097 | 1 Typo3 | 1 Typo3 | 2017-08-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4956 | 2 Nadine Schwingler, Typo3 | 2 Ke Questionnaire, Typo3 | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-5095 | 1 Silverstripe | 1 Silverstripe | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination. | |||||
| CVE-2010-4896 | 1 Expinion.net | 1 Member Management System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.asp in Member Management System 4.0 allows remote attackers to inject arbitrary web script or HTML via the REF_URL parameter. | |||||
| CVE-2013-4204 | 1 Google | 1 Web Toolkit | 2017-08-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1726 | 1 Hp | 1 Sitescope | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1533 | 1 Hp | 7 Envy 100 D410, Photosmart B110, Photosmart D110 and 4 more | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1414 | 1 Tibco | 2 Tibbr, Tibbr Service | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1518 | 1 Otrs | 1 Otrs | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1308 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1405 | 1 Mahara | 1 Mahara | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php. | |||||
| CVE-2011-1689 | 1 Bestpractical | 1 Rt | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1362 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308. | |||||
| CVE-2011-1714 | 2 Eyeos, Qooxdoo | 2 Eyeos, Qooxdoo | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | |||||
| CVE-2011-1357 | 1 Ibm | 1 Websphere Service Registry And Repository | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2011-1360 | 1 Ibm | 1 Http Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/. | |||||
| CVE-2011-1727 | 1 Hp | 1 Sitescope | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue. | |||||
| CVE-2011-1371 | 1 Ibm | 1 Websphere Ilog Rule Team Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an Unknown Error document, a different vulnerability than CVE-2011-4171. | |||||
| CVE-2011-1662 | 2 Drupal, Icanlocalize | 2 Drupal, Translation Management | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1841 | 1 Mojolicious | 1 Mojolicious | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1862 | 1 Hp | 2 Service Center, Service Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4637 | 2 Finalcut, Wordpress | 2 Feedlist, Wordpress | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | |||||
| CVE-2010-4630 | 2 Fubra, Wordpress | 2 Wp-survey-and-quiz-tool, Wordpress | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2010-4570 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI. | |||||
| CVE-2010-4569 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI. | |||||
| CVE-2011-1029 | 1 Ibm | 1 Rational Team Concert | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report. | |||||
| CVE-2010-4567 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 4.3 MEDIUM | N/A |
| Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field. | |||||
| CVE-2011-1058 | 1 Moinmo | 1 Moinmoin | 2017-08-17 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4555 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. | |||||
| CVE-2010-4544 | 1 Ibm | 1 Lotus Notes Traveler | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4497 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4366 | 1 Abk-soft | 1 Chameleon Social Networking | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2) thread_description parameters in a message. | |||||
| CVE-2011-0550 | 1 Symantec | 1 Endpoint Protection | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request. | |||||
| CVE-2010-4364 | 1 Dadabik | 1 Dadabik | 2017-08-17 | 4.3 MEDIUM | N/A |
| DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting (XSS) attacks via the (1) html content and (2) rich_editor fields. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4355 | 1 Dadabik | 1 Dadabik | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter. | |||||
| CVE-2010-4324 | 1 Novell | 2 Identity Manager, Identity Manager Roles Based Provisioning Module | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-0455 | 1 Thingslabo | 2 Bbs Thread, Things Bbs | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 and BBS Thread before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4275 | 1 Dmasoftlab | 1 Radius Manager | 2017-08-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php. | |||||