Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1838 | 1 Twiki | 1 Twiki | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script. | |||||
| CVE-2011-2544 | 1 Cisco | 3 Telepresence Mxp Software, Telepresence System 1000 Mxp, Telepresence System 1700 Mxp | 2018-10-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. | |||||
| CVE-2011-1825 | 1 Ca | 1 Arcot Webfort Versatile Authentication Server | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2743 | 1 Chyrp | 1 Chyrp | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php. | |||||
| CVE-2011-2712 | 1 Apache | 1 Wicket | 2018-10-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2011-1899 | 1 Ca | 1 Ehealth | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2011-1524 | 1 Symantec | 1 Liveupdate Administrator | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545. | |||||
| CVE-2011-1671 | 1 Getontracks | 1 Tracks | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1668 | 1 Awcm-cms | 1 Ar Web Content Manager | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2011-1510 | 1 Manageengine | 1 Servicedesk Plus | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | |||||
| CVE-2011-1670 | 1 A.kulikov | 1 Interra Blog Machine | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit. | |||||
| CVE-2011-1716 | 1 Xymon | 1 Xymon | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1723 | 1 Redmine | 1 Redmine | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1660 | 1 Grapecity | 1 Data Dynamics Reports | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx. | |||||
| CVE-2011-1427 | 1 Kodak | 1 Insite | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp. | |||||
| CVE-2011-1168 | 1 Kde | 1 Kde Sc | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. | |||||
| CVE-2011-1422 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2011-1063 | 1 Cherry-software | 1 Photopad | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data[title] parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php. | |||||
| CVE-2011-1077 | 1 Apache | 1 Archiva | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1038 | 1 Ibm | 1 Lotus Sametime | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO. | |||||
| CVE-2011-1423 | 1 Emc | 1 Data Loss Prevention Enterprise Manager | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-0508 | 1 Contao | 1 Contao Cms | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php. | |||||
| CVE-2011-0772 | 1 Pivotx | 1 Pivotx | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php. | |||||
| CVE-2011-0504 | 1 Vamshop | 1 Vam Shop | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php. | |||||
| CVE-2011-0486 | 1 Ibm | 1 Cognos 8 Business Intelligence | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 Business Intelligence (BI) 8.4.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via the pathinfo parameter. | |||||
| CVE-2011-0533 | 1 Apache | 2 Archiva, Continuum | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table. | |||||
| CVE-2018-15184 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2018-10-09 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. | |||||
| CVE-2016-8527 | 1 Hp | 1 Airwave | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative user click on the malicious link while currently logged into AirWave in the same browser. | |||||
| CVE-2018-15190 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2018-10-06 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. | |||||
| CVE-2018-15189 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. | |||||
| CVE-2018-14503 | 1 Coremail | 1 Coremail Xt | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2018-14837 | 1 Wolfcms | 1 Wolf Cms | 2018-10-05 | 3.5 LOW | 4.8 MEDIUM |
| Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. | |||||
| CVE-2016-4392 | 1 Hp | 1 Business Service Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | |||||
| CVE-2018-15182 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. | |||||
| CVE-2018-15130 | 1 Thinksaas | 1 Thinksaas | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. | |||||
| CVE-2017-8991 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-7075 | 1 Hp | 1 Intelligent Management Center | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. | |||||
| CVE-2018-15129 | 1 Thinksaas | 1 Thinksaas | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. | |||||
| CVE-2018-15169 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | |||||
| CVE-2016-4400 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2016-4399 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2018-12943 | 1 Seeddms | 1 Seeddms | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2006-3756 | 1 Geeklog | 1 Geeklog | 2018-10-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6). | |||||
| CVE-2018-13055 | 1 Mantisbt | 1 Mantisbt | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | |||||
| CVE-2016-4406 | 1 Hp | 3 Integrated Lights-out, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross site scripting vulnerability was identified in HPE iLO 3 all versions prior to v1.88 and HPE iLO 4 all versions prior to v2.44. | |||||
| CVE-2018-14964 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. | |||||
| CVE-2018-14962 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. | |||||
| CVE-2017-12614 | 1 Apache | 1 Airflow | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above. | |||||
| CVE-2018-14869 | 1 Php Template Store Script Project | 1 Php Template Store Script | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. | |||||
| CVE-2018-15199 | 1 Auracms | 1 Auracms | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. | |||||
