| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter. |
| Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815. |
| Pinboard 1.0.6 theme for Wordpress has XSS. |
| Katello: Username in Notification page has cross site scripting |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194. |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195. |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195. |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Havalite CMS 1.1.7 has a stored XSS vulnerability |
| Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. |
| The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. |
| The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. |
| The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. |
| The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. |
| The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. |
| The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. |
| jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. |
| Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters. |
| Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php. |
