Search Results (47297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4396 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php.
CVE-2011-1504 1 Liferay 1 Portal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.
CVE-2012-4352 1 Stone-ware 1 Webnetwork 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp.
CVE-2012-4342 1 Menalto 1 Gallery 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1510 1 Manageengine 1 Servicedesk Plus 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
CVE-2013-0328 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1996 1 Tomatocms 1 Tomatocms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO.
CVE-2012-4437 1 Smarty 1 Smarty 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.
CVE-2011-1524 1 Symantec 1 Liveupdate Administrator 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
CVE-2012-4590 1 Mcafee 1 Enterprise Mobility Manager 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable.
CVE-2012-4268 2 Ait-pro, Wordpress 2 Bulletproof-security, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header.
CVE-2012-4263 2 Bit51, Wordpress 2 Better-wp-security, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.
CVE-2012-4602 1 Tecnick 1 Tcexam 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.
CVE-2010-2030 2 Alan Palazzolo, Drupal 2 External Link Page, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages.
CVE-2012-4259 1 C4b 1 Xphone Unified Communications 2011 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.
CVE-2012-4612 1 Emc 2 Rsa Data Protection Manager Appliance, Rsa Data Protection Manager Software Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2049 1 Manageengine 1 Adaudit Plus 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4251 1 Mysqldumper 1 Mysqldumper 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
CVE-2012-4547 1 Laurent Destailleur 1 Awstats 2025-04-11 N/A
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.
CVE-2010-2086 2 Apache, Redhat 2 Myfaces, Jboss Enterprise Web Server 2025-04-11 N/A
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.