CVE-2012-4968

Multiple cross-site scripting XSS vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted string to the AbsoluteLinks, 2 BigSummary, 3 ContextSummary, 4 EscapeXML, 5 FirstParagraph, 6 FirstSentence, 7...

SA-CONTRIB-2012-140 - Inf08 - Cross Site Scripting (XSS)

Inf08 is a valid XHTML 1.0 Strict / CSS 2.1 theme ported from the free CSS template. The theme contains an arbitrary script injection vulnerability XSS due to the fact that it fails to sanitize user supplied taxonomy vocabulary names before display. This vulnerability is mitigated by the fact tha...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 context parameter to panel/indexamp.php or 2 panel/dhtml/index.php; 3 clid or 4 clidname parameters to panel/flash/mypage.php; 5 PATHINFO to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 testaddr or 2 testpass parameter to auth-settings.php; 3 hostname, 4 domainname, or 5 mailserver parameter to setup-relay.php; or 6 subnetmask or...

CVE-2012-4675

CVE-2012-4675 is an XSS vulnerability in PluXml 5.1.6 that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update. The issue is discussed across multiple records (NVD, CVE List, PRION, Debian tracker, etc.) and is characterized by a MEDIUM ba...

CVE-2012-4667

Multiple cross-site scripting XSS vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the 1 url, 2 virus, 3 source, or 4 user parameter to a clwarn.cgi, b clwarn.cgi.deDE, c clwarn.cgi.enEN, d clwarn.cgi.frFR, e clwarn.cgi.ptBR, or f...

Cross site scripting

Cross-site scripting XSS vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email...

CVE-2012-4667

Multiple cross-site scripting XSS vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the 1 url, 2 virus, 3 source, or 4 user parameter to a clwarn.cgi, b clwarn.cgi.deDE, c clwarn.cgi.enEN, d clwarn.cgi.frFR, e clwarn.cgi.ptBR, or f...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

Server: Multiple reflected XSS

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via file names to apps/userldap/settings.php url or title parameter to apps/bookmarks/ajax/editBookmark.php tag or page parameter to...

Multiple stored XSS - ownCloud

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the calendar displayname to part.choosecalendar.rowfields.php part.choosecalendar.rowfields.shared.php in apps/calendar/templates/ unspecified vectors to...

CVE-2011-5084

Cross-site scripting XSS vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-1099

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the 1 report parameter to blog/settings or 2 error parameter to users/index...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the 1 period parameter to showHistoryData.do; 2 selectedNetwork, 3 network, or 4 group parameters to showresource.do; 5 header...

CVE-2012-1049

Multiple cross-site scripting XSS vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the 1 domainName parameter to jsp/AddDC.jsp or 2 operation parameter to DomainConfig.do...

Cross site scripting

Cross-site scripting XSS vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information...

CVE-2011-4809

Multiple cross-site scripting XSS vulnerabilities in the HM Community comhmcommunity component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 language, 2 university, 3 persent, 4 companyname, 5 designation, 6 music, 7 books, 8 movies, 9 games, 10...

Cross site scripting

Cross-site scripting XSS vulnerability in includes/templates/templatedefault/templates/tplgvsenddefault.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gvsend action to index.php, a different vulnerability than CVE-2011-4547...

CVE-2011-0550

Multiple cross-site scripting XSS vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection SEP 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via 1 the token parameter to portal/Help.jsp or 2 the URI in a...