Total
38347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1982 | 1 Socialcms | 1 Socialcms | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action. | |||||
| CVE-2012-4819 | 1 Ibm | 2 Infosphere Business Glossary, Infosphere Information Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7303 | 1 Spip | 1 Spip | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field. | |||||
| CVE-2013-6808 | 1 Zend | 1 Zendto | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. | |||||
| CVE-2012-0979 | 1 Twiki | 1 Twiki | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user. | |||||
| CVE-2010-2003 | 1 Proxy2 | 1 Advanced Poll | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter. | |||||
| CVE-2011-0455 | 1 Thingslabo | 2 Bbs Thread, Things Bbs | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 and BBS Thread before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1111 | 1 Easysitenetwork | 1 Jokes Complete Website | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php. | |||||
| CVE-2011-2226 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing. | |||||
| CVE-2012-2872 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0817 | 1 Microsoft | 2 Sharepoint Server, Sharepoint Services | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. | |||||
| CVE-2011-2743 | 1 Chyrp | 1 Chyrp | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php. | |||||
| CVE-2010-3931 | 1 Rocomotion | 10 P Board, P Diary R, P Forum and 7 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2013-5129 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | |||||
| CVE-2010-4880 | 1 Apphp | 1 Apphp Calendar | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter. | |||||
| CVE-2012-5388 | 2 Videousermanuals, Wordpress | 2 White-label-cms, Wordpress | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. | |||||
| CVE-2012-3308 | 1 Ibm | 1 Sametime | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. | |||||
| CVE-2010-4402 | 2 Devbits, Wordpress | 2 Register-plus, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action. | |||||
| CVE-2010-1655 | 1 Powereasy | 1 Siteweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in PowerEasy 2006 and PowerEasy SiteWeaver 6.8 allows remote attackers to inject arbitrary web script or HTML via the ComeUrl parameter. | |||||
| CVE-2011-3864 | 2 Somadesign, Wordpress | 2 The Erudite, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||||