Total
37838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3860 | 2 Onedesigns, Wordpress | 2 Cover Wp, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2013-5094 | 1 Mcafee | 1 Vulnerability Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter. | |||||
| CVE-2013-6732 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | |||||
| CVE-2013-1095 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event. | |||||
| CVE-2010-2154 | 1 Cmscout | 1 Cmscout | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-1158 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud54397. | |||||
| CVE-2012-1863 | 1 Microsoft | 4 Office Sharepoint Server, Sharepoint Foundation, Sharepoint Server and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability." | |||||
| CVE-2012-6007 | 1 Cisco | 9 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2500 Wireless Lan Controller and 6 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992. | |||||
| CVE-2014-1458 | 1 Fortinet | 1 Fortiweb | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4405 | 2 Anything-digital, Joomla | 2 Sh404sef, Joomla\! | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0589 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588. | |||||
| CVE-2012-2985 | 1 Cutesoft Components | 1 Cute Editor | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter. | |||||
| CVE-2013-2955 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue. | |||||
| CVE-2012-2297 | 2 Creative Commons Module Project, Drupal | 2 Creativecommons, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter. | |||||
| CVE-2010-0370 | 3 Drupal, Roger Lopez, Thomas Turnbull | 3 Drupal, Nodeblock, Nodeblock | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title). | |||||
| CVE-2009-4924 | 1 Dan Pascu | 1 Python-cjson | 2025-04-11 | 4.3 MEDIUM | N/A |
| Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element. | |||||
| CVE-2012-3800 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. | |||||
| CVE-2010-4848 | 1 Axscripts | 1 Axslinks | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter. | |||||
| CVE-2013-4045 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6033 | 1 Lexmark | 9 C52x, C53x, C920 and 6 more | 2025-04-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field. | |||||