Total
29022 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1749 | 1 Chatelao | 1 Php Address Book | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field. | |||||
CVE-2012-0132 | 2 Hp, Microsoft | 2 Business Availability Center, Windows | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-3423 | 1 Cisco | 1 Secure Access Control System | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174. | |||||
CVE-2013-0582 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response. | |||||
CVE-2012-5053 | 1 Trimble | 7 Infrastructure Gnss Series Receiver Firmware, Infrastructure Gnss Series Receiver Netr3, Infrastructure Gnss Series Receiver Netr5 and 4 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-1624 | 2 Drupal, Lingotek | 2 Drupal, Lingotek | 2024-02-04 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content. | |||||
CVE-2013-4705 | 1 Opera | 1 Opera Browser | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. | |||||
CVE-2012-5899 | 1 Samedia | 1 Landshop | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party information. | |||||
CVE-2013-5020 | 1 Minibb | 1 Minibb | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066. | |||||
CVE-2012-6463 | 1 Opera | 1 Opera Browser | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs. | |||||
CVE-2012-1652 | 3 Drupal, Wim Leers, Wimleers | 3 Drupal, Hierarchical Select, Hierarchical Select | 2024-02-04 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text." | |||||
CVE-2012-3316 | 1 Ibm | 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 4 more | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-0466 | 1 Ibm | 1 Websphere Message Broker | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message. | |||||
CVE-2012-5666 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php. | |||||
CVE-2013-1742 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter. | |||||
CVE-2012-2913 | 2 Mapsmarker, Wordpress | 2 Leaflet Maps Marker Plugin, Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php. | |||||
CVE-2012-4912 | 1 Novell | 1 Groupwise | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message. | |||||
CVE-2011-5263 | 1 Sap | 1 Netweaver | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | |||||
CVE-2011-5184 | 1 Hp | 1 Network Node Manager I | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3) nnm/protected/ping.jsp, (4) nnm/protected/statuspoll.jsp, or (5) nnm/protected/traceroute.jsp; or (6) field parameter to nmm/validate. NOTE: this might be a duplicate of CVE-2011-4155 or CVE-2011-4156. | |||||
CVE-2013-5309 | 2 Fudforum, Ilia Alshanetsky | 2 Fudforum, Fudforum | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information. |