Search Results (47370 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5325 2 Cartpauj, Wordpress 2 Shortcode-redirect, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
CVE-2009-4649 1 Geccbblite 1 Geccbblite 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php.
CVE-2013-1880 2 Apache, Redhat 2 Activemq, Fuse Mq Enterprise 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
CVE-2010-4823 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."
CVE-2010-4821 1 Phpmyfaq 1 Phpmyfaq 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2012-5330 1 Nasir Khan 1 Asaancart 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php.
CVE-2012-5346 2 Bencemeszaros, Wordpress 2 Wp-livephp, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information.
CVE-2013-4759 1 Magnolia-cms 2 Magnolia Cms, Magnolia Form Module 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
CVE-2013-6808 1 Zend 1 Zendto 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
CVE-2011-2369 1 Mozilla 1 Firefox 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
CVE-2012-5452 1 Intelliants 1 Subrion Cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
CVE-2010-1742 1 Satyadeep 1 Scratcher 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter.
CVE-2012-1640 2 Alquimia, Drupal 2 Managesite, Drupal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category.
CVE-2012-3872 1 Openconstructor Project 1 Openconstructor 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
CVE-2013-0010 1 Microsoft 1 System Center Operations Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
CVE-2010-1361 1 Glarotech 1 Phpeppershop 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING_AUFRUF.php in PHPepperShop 2.5 allows remote attackers to inject arbitrary web script or HTML via the darstellen parameter.
CVE-2014-0673 1 Cisco 1 Video Surveillance Indoor Fixed Dome Ip Hd Camera 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.
CVE-2010-2277 1 Ibm 1 Lotus Connections 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.
CVE-2014-0670 1 Cisco 1 Mediasense 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.
CVE-2011-0047 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."