6892 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...
CVE-2015-5622
CVE-2015-5622 concerns the robustness of WordPress shortcode HTML tag filtering. The patch tightened the parsing in wp-includes/kses.php and related shortcode handling, with fixes released around WordPress 4.2.x and culminating in WordPress 4.2.3. Debian advisories also note fixes for this CVE in...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766...
CVE-2015-3226
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...
CVE-2015-2976
Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the uscesreferer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php,...
CVE-2015-2973
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the uscesreferer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php,...
CVE-2014-0611
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component...
CVE-2015-4528
Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to...
CVE-2015-5528
Cross-site scripting (XSS) vulnerability in the saveorder function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items parameter in an fsbsaveorder action to wp-admin/admin-ajax.ph...
CVE-2015-5519
Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account...
CVE-2015-5520
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to inject arbitrary web script or HTML via the oekakis parameter...
CVE-2015-2967
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5455
Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/...