Cross site scripting

Cross-site scripting XSS vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter...

CVE-2015-6729

Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page...

CVE-2015-6732

Multiple cross-site scripting XSS vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the 1 wpSummary parameter to Special:FormEdit, the 2 "Template label optional" field in a form, or a 3 Field name in a template...

MantisBT 1.2.13 - 1.2.17 XSS Vulnerability - Windows

MantisBT is prone to a cross-site scripting XSS vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

CVE-2014-2570

Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...

CVE-2015-6751

Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...

CVE-2015-6535

Cross-site scripting XSS vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field youtubeembedname parameter...

CVE-2014-2329

Check_MK is affected in versions before 1.2.2p3 and 1.2.3x before 1.2.3i5 by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user input. An authenticated remote attacker can inject arbitrary script via the (1) agent string for a check_mk agent, (2) a crafted requ...

CVE-2014-8987

Cross-site scripting XSS vulnerability in the "set configuration" box in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the configoption parameter, a different vulnerability than...

CVE-2015-2872

Multiple cross-site scripting XSS vulnerabilities in Trend Micro Deep Discovery Inspector DDI on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web...

Cross site scripting

Cross-site scripting XSS vulnerability in pubnames.ntf aka the Directory template in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN...

CVE-2015-6528

Multiple cross-site scripting XSS vulnerabilities in installclassic.php in Coppermine Photo Gallery CPG 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the 1 adminusername, 2 adminpassword, 3 adminemail, 4 dbserver, 5 dbname, 6 dbuser, 7 dbpass, 8 tableprefix, or 9 impath...

CVE-2015-6528

Multiple cross-site scripting XSS vulnerabilities in installclassic.php in Coppermine Photo Gallery CPG 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the 1 adminusername, 2 adminpassword, 3 adminemail, 4 dbserver, 5 dbname, 6 dbuser, 7 dbpass, 8 tableprefix, or 9 impath...

CVE-2015-5507

Cross-site scripting XSS vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-5495

Cross-site scripting XSS vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...