CVE-2015-7708

Cross-site scripting XSS vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the catdescription parameter in an updatecat action to admin/categories.php...

CVE-2019-6016

Cross-site scripting vulnerability in REMISE Payment Module 2.11, 2.12 and 2.13 version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-17660

A cross-site scripting XSS vulnerability in admin/translate/translateheaderview.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATHINFO...

CVE-2018-15635

Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a...

CVE-2018-17322

Cross-site scripting XSS vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter...

CVE-2012-4476

Cross-site scripting XSS vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-3383

Cross-site scripting XSS vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "the web page to be output."...

CVE-2019-6018

Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier NetCommons3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-2088

Cross-site scripting XSS vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2015-6969

Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...

CVE-2013-2364

Cross-site scripting XSS vulnerability in HP System Management Homepage SMH before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-15814

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML...

CVE-2011-4827

Multiple cross-site scripting XSS vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 p parameter to redirect.php and 2 box parameter to includes/TrueColorPicker/index.php, which is not properly handled in...

CVE-2011-3864

Cross-site scripting XSS vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...

CVE-2015-1373

Multiple cross-site scripting XSS vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter in a search request, 2 username in a login request, which is not properly handled when logging the event, or 3 page titl...

CVE-2011-4551

Cross-site scripting XSS vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters...

CVE-2010-4339

Cross-site scripting XSS vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages...

CVE-2012-5541

Cross-site scripting XSS vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter."...

CVE-2012-2595

Multiple cross-site scripting XSS vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters...

CVE-2018-15633

Cross-site scripting XSS issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames...