Search Results (47447 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6459 2 Mislav Marohnic, Redhat 3 Will Paginate, Satellite, Satellite Capsule 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
CVE-2010-3012 1 Hp 1 System Management Homepage 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error.
CVE-2013-5583 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2010-3094 1 Drupal 1 Drupal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.
CVE-2012-5545 2 Drupal, Rob Loach 2 Drupal, Sharethis 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors related to "JavaScript settings."
CVE-2010-4748 1 Pmwiki 1 Pmwiki 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
CVE-2010-3025 1 Tomaz-muraus 1 Open Blog 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit.
CVE-2012-4872 1 Kayako 1 Kayako Fusion 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.
CVE-2012-4871 1 Litespeedtech 1 Litespeed Web Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
CVE-2012-3031 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header.
CVE-2010-4734 1 Amix 1 Skeletonz Cms 1.0 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
CVE-2010-4101 1 Hp 1 Insight Recovery 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5538 2 Drupal, Nathan Haug 2 Drupal, Filefield Sources 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
CVE-2012-2872 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2661 1 Novell 1 Groupwise 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.
CVE-2012-4848 1 Ibm 1 Lotus Foundations Start 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field.
CVE-2012-2918 1 Chevereto 1 Chevereto 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
CVE-2010-3056 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.
CVE-2012-2935 1 Oscommerce 1 Online Merchant 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.
CVE-2012-2984 1 Websense 1 Websense Content Content Gateway 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter.