Total
29016 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6074 | 2 Cloudbees, Jenkins | 2 Jenkins, Jenkins | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2076 | 2 Drupal, Rob Loach | 2 Drupal, Sharethis | 2024-02-04 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2648 | 2 Apple, Goodiware | 4 Ipad, Iphone Os, Ipod Touch and 1 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. | |||||
CVE-2013-4014 | 1 Ibm | 1 Maximo Asset Management | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-5903 | 1 Simple Machines | 1 Smf | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. | |||||
CVE-2013-1711 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 4.3 MEDIUM | N/A |
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. | |||||
CVE-2013-6901 | 2 Cybozu, Mozilla | 2 Garoon, Firefox | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-4833 | 1 Hp | 1 Service Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-0587 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. | |||||
CVE-2009-5031 | 2 Opensuse, Trustwave | 2 Opensuse, Modsecurity | 2024-02-04 | 4.3 MEDIUM | N/A |
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. | |||||
CVE-2013-7279 | 2 Anthony Mills, Wordpress | 2 S3 Video, Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. | |||||
CVE-2012-2604 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2024-02-04 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields. | |||||
CVE-2013-2023 | 1 Happyworm | 1 Jplayer | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022. | |||||
CVE-2012-2083 | 2 Drupal, Fusiondrupalthemes | 2 Drupal, Fusion | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2012-4825 | 1 Ibm | 1 Lotus Notes Traveler | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action. | |||||
CVE-2013-5930 | 1 Real-estate-php-script | 1 Real Estate Php Script | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter. | |||||
CVE-2012-0988 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php. | |||||
CVE-2012-2154 | 2 Drupal, Kyle Browning | 2 Drupal, Cdn2 Video | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-1254 | 1 Segue Project | 1 Segue | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-4246 | 1 Phplist | 1 Phplist | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. |