Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1173 | 1 Torrenttrader | 2 Torrenttrader, Torrenttrader Classic | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2008-1061 | 1 Wordpress | 1 Sniplets Plugin | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php. | |||||
| CVE-2008-1180 | 1 Juniper | 1 Secure Access 2000 | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter. | |||||
| CVE-2008-1037 | 1 Packeteer | 2 Packetshaper, Policycenter | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page. | |||||
| CVE-2008-1045 | 1 Alkacon | 1 Opencms | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter. | |||||
| CVE-2008-1129 | 1 Xrms Crm | 1 Xrms | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2018-15183 | 1 Myperfectresume \/ Jobhero \/ Resume Clone Script Project | 1 Myperfectresume \/ Jobhero \/ Resume Clone Script | 2018-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields. | |||||
| CVE-2018-10569 | 1 Edimax | 2 Edimax Ew-7438rpn V2 Firmware, Ew-7438rpn Mini V2 | 2018-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. | |||||
| CVE-2018-12587 | 1 German Spelling Dictionary Project | 1 German Spelling Dictionary | 2018-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar. | |||||
| CVE-2018-14922 | 1 Monstra | 1 Monstra | 2018-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page. | |||||
| CVE-2011-0050 | 1 Cgiirc | 1 Cgi\ | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter. | |||||
| CVE-2011-0005 | 1 Joomla | 2 Com Search, Joomla\! | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. | |||||
| CVE-2014-3740 | 1 Spiceworks | 1 Spiceworks | 2018-10-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page. | |||||
| CVE-2010-5051 | 1 Razorcms | 1 Razorcms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php. | |||||
| CVE-2010-4836 | 1 Phpshop | 1 Phpshop | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter. | |||||
| CVE-2010-4907 | 1 Zenphoto | 1 Zenphoto | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562. | |||||
| CVE-2010-4882 | 1 Ventics | 1 Auto Cms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS 1.6 allows remote attackers to inject arbitrary web script or HTML via the sitetitle parameter. | |||||
| CVE-2010-4783 | 1 Phpwebscripts | 1 Easy Banner Free | 2018-10-10 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters. | |||||
| CVE-2010-5002 | 1 Exponentcms | 1 Exponent Cms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter. | |||||
| CVE-2010-4693 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. | |||||
| CVE-2010-5025 | 1 Cutesite | 1 Cutesite Cms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4868 | 1 W-agora | 1 W-agora | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter. | |||||
| CVE-2010-5030 | 1 Codefabrik | 1 Ecomat Cms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter in a web action. | |||||
| CVE-2010-5046 | 1 Ecocms | 1 Ecocms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter. | |||||
| CVE-2010-5048 | 2 Joomla, Joomlatune | 2 Joomla\!, Com Jcomments | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php. | |||||
| CVE-2010-4402 | 2 Devbits, Wordpress | 2 Register-plus, Wordpress | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action. | |||||
| CVE-2010-4616 | 1 Impresscms | 1 Impresscms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter. | |||||
| CVE-2010-4331 | 1 Seopanel | 1 Seopanel | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php. | |||||
| CVE-2010-4874 | 1 Ninkobb | 1 Ninkobb | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter. | |||||
| CVE-2010-4513 | 1 Zimplit | 1 Zimplit Cms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php. | |||||
| CVE-2010-4880 | 1 Apphp | 1 Apphp Calendar | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter. | |||||
| CVE-2010-4848 | 1 Axscripts | 1 Axslinks | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter. | |||||
| CVE-2010-4828 | 1 Solarwinds | 1 Orion Network Performance Monitor | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx. | |||||
| CVE-2010-4358 | 1 Mrcgiguy | 1 Guestbook | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters. | |||||
| CVE-2010-4322 | 1 Novell | 1 Vibe Onprem | 2018-10-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field. | |||||
| CVE-2010-4930 | 1 Atmail | 1 Webmail | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action. | |||||
| CVE-2010-4408 | 1 Apache | 1 Archiva | 2018-10-10 | 6.8 MEDIUM | N/A |
| Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449. | |||||
| CVE-2010-4407 | 1 Alberto Pittoni | 1 Alguest | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters. | |||||
| CVE-2010-4277 | 2 Jovelstefan, Wordpress | 2 Embedded-video, Wordpress | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php. | |||||
| CVE-2010-4172 | 1 Apache | 1 Tomcat | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications. | |||||
| CVE-2010-4097 | 1 Avatic | 1 Aardvark Topsites Php | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302. | |||||
| CVE-2010-3977 | 2 Deliciousdays, Wordpress | 2 Cforms, Wordpress | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. | |||||
| CVE-2010-3854 | 1 Apache | 1 Couchdb | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3890 | 1 Ibm | 1 Omnifind | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do. | |||||
| CVE-2010-3463 | 1 Santafox | 1 Santafox | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/search/search.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the search parameter to search.html. | |||||
| CVE-2010-3455 | 1 Atutor | 1 Achecker | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter. | |||||
| CVE-2010-3201 | 1 Netwin | 1 Surgemail | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. | |||||
| CVE-2010-3274 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | |||||
| CVE-2010-3266 | 1 Ifdefined | 1 Bugtracker.net | 2018-10-10 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3262 | 1 Flock | 1 Flock | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | |||||