Total
28965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3854 | 1 Apache | 1 Couchdb | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-2535 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. | |||||
| CVE-2012-1006 | 1 Apache | 1 Struts | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders. | |||||
| CVE-2009-4570 | 1 Phpshop | 1 Phpshop | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI. | |||||
| CVE-2010-5054 | 1 Jamwiki | 1 Jamwiki | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki before 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2012-0399 | 1 Rsa | 1 Envision | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1030 | 1 Ibm | 1 Lotus Connections | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene." | |||||
| CVE-2009-4717 | 1 Gonafish | 1 Webstatcaffe | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/. | |||||
| CVE-2010-2230 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.0 MEDIUM | N/A |
| The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input. | |||||
| CVE-2010-2957 | 1 S9y | 1 Serendipity | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1482 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter. | |||||
| CVE-2012-1788 | 1 Wonderdesk | 1 Wonderdesk Sql | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_website, or (5) help_example_url parameters in an hd_modify_record action. | |||||
| CVE-2010-1515 | 1 Tomatocms | 1 Tomatocms | 2024-02-04 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO. | |||||
| CVE-2010-0365 | 1 Bitscripts | 1 Bits Video Script | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter. | |||||
| CVE-2011-4054 | 1 Ca | 1 Siteminder | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter. | |||||
| CVE-2011-2509 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. | |||||
| CVE-2010-4978 | 1 Nicholas Berry | 1 Candid | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter. | |||||
| CVE-2010-0716 | 1 Microsoft | 1 Sharepoint Server | 2024-02-04 | 3.5 LOW | N/A |
| _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed. | |||||
| CVE-2009-4514 | 2 Astha Bhatnagar, Drupal | 2 Shindigintegrator, Drupal | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1107 | 2 Drupal, Fourkitchens | 2 Drupal, Recent Comments | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." | |||||