Search Results (47298 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-2477 1 Icinga 1 Icinga 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.
CVE-2012-3508 1 Roundcube 1 Webmail 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.
CVE-2011-2476 1 Coppermine-gallery 1 Coppermine Photo Gallery 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
CVE-2012-1098 1 Rubyonrails 2 Rails, Ruby On Rails 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
CVE-2012-0974 1 Juan Ramon 1 Osclass 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php.
CVE-2012-1246 1 Webcreate 1 Web Mart 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie.
CVE-2012-0340 1 Cisco 1 Ironport Encryption Appliance 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410.
CVE-2012-0324 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
CVE-2012-3507 1 Roundcube 1 Webmail 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
CVE-2012-3503 4 Cloudforms Systemengine, Redhat, Rhel Sam and 1 more 4 1, Enterprise Linux Server, 1.1 and 1 more 2025-04-11 9.8 Critical
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
CVE-2012-0313 1 Glucose 1 Glucose 2 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
CVE-2012-0307 1 Symantec 1 Messaging Gateway 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.
CVE-2010-4978 1 Nicholas Berry 1 Candid 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter.
CVE-2012-3396 1 Moodle 1 Moodle 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.
CVE-2012-3393 1 Moodle 1 Moodle 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.
CVE-2010-4971 2 Joomla, Videowhisper 2 Joomla\!, Php 2 Way Video Chat 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.
CVE-2012-3389 1 Moodle 1 Moodle 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.
CVE-2011-2444 7 Adobe, Apple, Google and 4 more 7 Flash Player, Mac Os X, Android and 4 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
CVE-2012-0225 1 Invensys 1 Wonderware Information Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2410 1 Hp 1 Openview Performance Insight 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.