Total
38454 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4540 | 1 Atmail | 1 Atmail Open | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php. | |||||
| CVE-2012-2520 | 1 Microsoft | 8 Groove Server, Infopath, Lync and 5 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability." | |||||
| CVE-2011-3181 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. | |||||
| CVE-2014-0977 | 1 Sixapart | 1 Movabletype | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-2229 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2010-0949 | 1 Natychmiast-cms | 1 Natychmiast-cms | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php. | |||||
| CVE-2010-2779 | 1 Novell | 1 Groupwise | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies." | |||||
| CVE-2011-4265 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0797 | 2 Snowflake, Typo3 | 2 T3blog, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2769 | 2 Bestpractical, Jesse Vincent | 2 Rt, Extension\ | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-2617 | 1 Paul Mcenery | 1 Php Bible Search | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter. | |||||
| CVE-2012-0909 | 1 Horde | 1 Groupware Webmail Edition | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information. | |||||
| CVE-2011-3132 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-6585 | 1 Myrephp | 1 Myre Realty Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter. | |||||
| CVE-2012-0933 | 1 Acidcat | 1 Acidcat Cms | 2025-04-11 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/. | |||||
| CVE-2012-4983 | 1 Forescout | 1 Counteract | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch. | |||||
| CVE-2011-0604 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587. | |||||
| CVE-2012-4207 | 6 Canonical, Debian, Mozilla and 3 more | 14 Ubuntu Linux, Debian Linux, Firefox and 11 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. | |||||
| CVE-2013-1844 | 1 Matomo | 1 Matomo | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-2091 | 1 Microsoft | 3 Exchange Server, Internet Explorer, Windows Server 2003 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. | |||||