Search Results (47368 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0640 1 Ca 1 Ehealth Performance Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.
CVE-2011-3978 1 Lightneasy 1 Lightneasy 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.
CVE-2013-2314 1 Lockon 1 Ec-cube 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen.
CVE-2011-2342 1 Google 1 Chrome 2025-04-11 N/A
The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2012-5296 1 Mavili Guestbook Project 1 Mavili Guestbook 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4) edit2.asp.
CVE-2012-5050 1 Vmware 1 Vcenter Operations 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2311 1 Web2py 1 Web2py 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4998 1 Starcms 1 Starcms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2011-2771 1 Mahara 1 Mahara 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.
CVE-2013-3375 1 Cisco 1 Prime Central For Hosted Collaboration Solution 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798.
CVE-2012-2326 1 Mybb 1 Mybb 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.
CVE-2012-4968 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.
CVE-2012-4955 1 Dell 1 Openmanage Server Administrator 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1614 1 Symantec 2 Security Information Manager, Security Information Manager Appliance 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1607 1 Drupal 1 Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE will be REJECTed in the future
CVE-2010-4589 1 Ibm 1 Enovia 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property.
CVE-2012-4932 1 Simple Invoices 1 Simple Invoices 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) PayPal notify url, (16) PayPal return url, (17) Eway customer ID, (18) Custom field 1, (19) Custom field 2, (20) Custom field 3, or (21) Custom field 4 field in an Add Biller action; (22) the Customer field in an Add Invoice action; the (23) Invoice or (24) Notes field in a Process Payment action; (25) the Payment type description field in a Payment Types action; (26) the Description field in an Invoice Preferences action; (27) the Description field in a Manage Products action; or (28) the Description field in a Tax Rates action.
CVE-2013-3372 1 Bestpractical 1 Rt 2025-04-11 N/A
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2012-4928 1 Oxwall 1 Oxwall 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
CVE-2012-4923 1 Endian 1 Firewall 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.