Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3852 | 2 Theme4press, Wordpress | 2 Evolve, Wordpress | 2012-05-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3851 | 2 Devpress, Wordpress | 2 News, Wordpress | 2012-05-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||||
| CVE-2011-3689 | 1 Wibu | 1 Codemeter Webadmin | 2012-05-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter. | |||||
| CVE-2011-3856 | 2 Atastypixel, Wordpress | 2 Elegant Grunge, Wordpress | 2012-05-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3855 | 2 Graphpaperpress, Wordpress | 2 F8 Lite, Wordpress | 2012-05-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3686 | 1 Sonexis | 1 Conferencemanager | 2012-05-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter. | |||||
| CVE-2011-3371 | 1 Punbb | 1 Punbb | 2012-05-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php. | |||||
| CVE-2011-3858 | 2 Wordpress, Zespia | 2 Wordpress, Pixiv Custom | 2012-05-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3859 | 2 Themehybrid, Wordpress | 2 Trending, Wordpress | 2012-05-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||||
| CVE-2011-3861 | 2 Webminimalist, Wordpress | 2 Web Minimalist 200901, Wordpress | 2012-05-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | |||||
| CVE-2011-3863 | 2 Post-scriptum, Wordpress | 2 Redline, Wordpress | 2012-05-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3864 | 2 Somadesign, Wordpress | 2 The Erudite, Wordpress | 2012-05-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||||
| CVE-2011-3865 | 2 Ulyssesonline, Wordpress | 2 Black-letterhead, Wordpress | 2012-05-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | |||||
| CVE-2011-3010 | 1 Twiki | 1 Twiki | 2012-05-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin. | |||||
| CVE-2011-3857 | 2 Antisocialmediallc, Wordpress | 2 Antisnews, Wordpress | 2012-05-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-1221 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. | |||||
| CVE-2009-5103 | 1 Atcom | 1 Netvolution | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable. | |||||
| CVE-2010-4966 | 1 Atcom | 1 Netvolution | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action. | |||||
| CVE-2010-4951 | 2 Thomas Mammitzsch, Typo3 | 2 Vx Xajax Shoutbox, Typo3 | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4947 | 1 Allpcscript | 1 Allpc | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||
| CVE-2010-4932 | 1 Khader Abbeb | 1 Entrans | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Entrans before 0.3.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2011-0459 | 1 Cyber-ark | 1 Password Vault Web Access | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4892 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4890 | 2 Andreas Kiefer, Typo3 | 2 Ke Yac, Typo3 | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4886 | 2 Peter Proell, Typo3 | 2 Tweetbutton, Typo3 | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2661 | 1 Novell | 1 Groupwise | 2012-05-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter. | |||||
| CVE-2010-4885 | 2 Peter Proell, Typo3 | 2 Xing, Typo3 | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4170 | 1 Gnome | 1 Empathy | 2012-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635. | |||||
| CVE-2011-4777 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2012-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html. | |||||
| CVE-2012-1807 | 1 Koyo | 8 H0-ecom, H0-ecom100, H2-ecom and 5 more | 2012-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1036 | 1 Dotnetnuke | 1 Dotnetnuke | 2012-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message. | |||||
| CVE-2012-1030 | 1 Dotnetnuke | 1 Dotnetnuke | 2012-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup. | |||||
| CVE-2009-1702 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2012-03-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. | |||||
| CVE-2012-1782 | 1 Osqa | 1 Osqa | 2012-03-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar. | |||||
| CVE-2012-0404 | 1 Emc | 1 Documentum Eroom | 2012-03-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0688 | 1 Tibco | 5 Activematrix Bpm, Activematrix Businessworks Service Engine, Activematrix Service Bus and 2 more | 2012-03-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4264 | 1 Etomite | 1 Etomite | 2012-03-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4054 | 1 Ca | 1 Siteminder | 2012-03-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter. | |||||
| CVE-2011-4265 | 1 Phpwebsite | 1 Phpwebsite | 2012-03-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1410 | 1 Kadu | 1 Kadu | 2012-02-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description. | |||||
| CVE-2012-1086 | 1 Typo3 | 2 Aeurltool, Typo3 | 2012-02-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1080 | 1 Typo3 | 2 Skt Eurocalc, Typo3 | 2012-02-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1081 | 2 Roderick Braun, Typo3 | 2 Ya Googlesearch, Typo3 | 2012-02-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1082 | 1 Typo3 | 2 Terminal, Typo3 | 2012-02-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1087 | 2 Bluechip, Typo3 | 2 Bc Post2facebook, Typo3 | 2012-02-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1208 | 1 Fork-cms | 1 Fork Cms | 2012-02-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index. | |||||
| CVE-2012-1000 | 1 Lepton-cms | 1 Lepton | 2012-02-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter to account/preferences.php. | |||||
| CVE-2012-1290 | 1 Sap | 1 Netweaver | 2012-02-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. | |||||
| CVE-2012-0873 | 1 Boonex | 1 Dolphin | 2012-02-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php. | |||||
| CVE-2012-1224 | 1 Contentlion | 1 Contentlion Alpha | 2012-02-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||