Search Results (47456 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3531 1 Typo3 1 Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0895 2 Tom Braider, Wordpress 2 Count Per Day, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
CVE-2010-5018 1 2daybiz 1 Online Classified Script 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2010-3317 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4536 1 Wordpress 1 Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
CVE-2010-4762 1 Otrs 1 Otrs 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.
CVE-2012-2914 1 Unijimpe 1 Captcha 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-4278 1 Rwcinc 1 Free Realty 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) title, (3) previewdesc, (4) fulldesc, or (5) notes parameter (b) to agentadmin.php or (c) in an addlisting action to agentadmin.php; or unspecified vectors to (d) admin/adminfeatures.php.
CVE-2012-4267 1 Pu-gh 1 Sockso 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2011-1537 1 Hp 1 Proliant Support Pack 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2003-1586 1 Iplanet 1 Webexpert 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
CVE-2010-1332 1 Prettybook 1 Prettyformmail 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2316 1 Wmsdesign 1 Wmscms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137.
CVE-2013-7321 1 D-link 2 Dap 2253, Dap 2253 Firmware 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2274 1 Pivotx 1 Pivotx 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2011-3046 3 Apple, Google, Opensuse 4 Iphone Os, Safari, Chrome and 1 more 2025-04-11 N/A
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
CVE-2003-1584 1 Surfstats 1 Surfstats 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2003-1585 1 Alentum 1 Weblog Expert 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2012-1597 1 Ez 1 Ezjscore 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4262 1 Hccgmbh 1 Mycare2x 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.