Search Results (47298 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1453 2 Matomo, Piwik 2 Matomo, Piwik 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter.
CVE-2013-4045 1 Ibm 1 Spss Collaboration And Deployment Services 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5695 1 Opsview 1 Opsview 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck.
CVE-2013-4716 1 Tattyan 1 Tattyan Hptown 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2013-1160 1 Cisco 1 Prime Central For Hosted Collaboration Solution 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56743.
CVE-2011-4776 2 Microsoft, Parallels 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/update/settings/ and certain other files.
CVE-2013-0477 1 Ibm 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allow remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
CVE-2013-0468 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-2983.
CVE-2013-2031 2 Gentoo, Mediawiki 2 Linux, Mediawiki 2025-04-11 N/A
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
CVE-2013-1471 1 Fortinet 6 Fortimail, Fortimail-2000b, Fortimail-200d and 3 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
CVE-2012-3302 1 Ibm 1 Lotus Domino 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.
CVE-2013-6395 1 Ganglia 1 Ganglia-web 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.
CVE-2013-4625 2 Cory Lamle, Wordpress 2 Duplicator, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
CVE-2013-5379 1 Ibm 1 Websphere Portal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality.
CVE-2011-5194 2 Phpace, Wordpress 2 Samswhois, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.
CVE-2011-3254 1 Apple 1 Iphone Os 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
CVE-2009-4678 1 Winn 1 Winn Guestbook 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2013-1470 1 Geeklog 1 Geeklog 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendar_type parameter to submit.php.
CVE-2012-2975 1 F5 1 Application Security Manager Appliance 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page.
CVE-2012-0846 1 K5n 1 Webcalendar 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.