Total
37128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5018 | 1 Koala-framework | 1 Koala Framework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Koala Framework before 2011-11-21 has XSS via the request_uri parameter. | |||||
| CVE-2011-4938 | 1 Muze | 1 Ariadne | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. | |||||
| CVE-2011-4924 | 1 Zope | 1 Zope | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104 | |||||
| CVE-2011-4903 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. | |||||
| CVE-2011-4632 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | |||||
| CVE-2011-4631 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | |||||
| CVE-2011-4630 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | |||||
| CVE-2011-4629 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | |||||
| CVE-2011-4626 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | |||||
| CVE-2011-4455 | 1 Tiki | 1 Tiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. | |||||
| CVE-2011-4454 | 1 Tiki | 1 Tiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. | |||||
| CVE-2011-4336 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. | |||||
| CVE-2011-4095 | 1 Jara Project | 1 Jara | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jara 1.6 has an XSS vulnerability | |||||
| CVE-2011-4090 | 1 S9y | 1 Serendipity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. | |||||
| CVE-2011-3656 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. | |||||
| CVE-2011-3642 | 1 Flowplayer | 1 Flowplayer Flash | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. | |||||
| CVE-2011-3622 | 1 Phorum | 1 Phorum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. | |||||
| CVE-2011-3610 | 1 S9y | 1 Serendipity Event Freetag | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. | |||||
| CVE-2011-3606 | 1 Redhat | 1 Jboss Application Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution. | |||||
| CVE-2011-3595 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. | |||||