Search Results (47413 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4956 2 Typo3, Wapplersystems 2 Typo3, Ws Stats 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-0767 1 Imperva 1 Securesphere Web Application Firewall 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.
CVE-2014-0811 1 Blackboard 1 Vista\/ce 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0812 2 Kent-web, Microsoft 2 Joyful Note, Internet Explorer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0962 1 Apple 1 Iphone Os 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.
CVE-2011-0962 1 Cisco 1 Unified Operations Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
CVE-2013-1778 2 Devsaran, Drupal 2 Creative, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
CVE-2013-1779 2 Devsaran, Drupal 2 Fresh, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1780 2 Devsaran, Drupal 2 Best Responsive, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
CVE-2013-1942 2 Happyworm, Owncloud 3 Jplayer, Owncloud, Owncloud Server 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
CVE-2013-1972 2 Alexey Sukhotin, Drupal 2 Elfinder, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.
CVE-2012-1965 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-11 N/A
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.
CVE-2010-0452 1 Hp 2 Hp-ux, Project And Portfolio Management Center 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2181 1 Monkey-project 1 Monkey 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.
CVE-2012-2064 2 Drupal, Mark Theunissen 2 Drupal, Views Lang Switch 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2013-1034 1 Apple 1 Os X Server 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2209 1 Reviewboard 1 Review Board 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
CVE-2010-0640 1 Ca 1 Ehealth Performance Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.
CVE-2011-2342 1 Google 1 Chrome 2025-04-11 N/A
The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2012-2326 1 Mybb 1 Mybb 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.