CVE-2013-0581

CVE-2013-0581 (IBM BPM) affects IBM Business Process Manager Standard/Express/Advanced 7.5.1.x, 8.0.0.x, 8.0.1.x (before FP1). Root cause: multiple cross-site scripting (XSS) vulnerabilities enabling remote authenticated users to inject arbitrary web script or HTML via four vectors: ProcessPortal...

CVE-2013-0468

Cross-site scripting XSS vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-2983...

CVE-2013-0455

Multiple cross-site scripting XSS vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-6148

Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-4744

Cross-site scripting XSS vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in data/class/pages/products/LCPageProductsList.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategoryid2 field, a different vulnerability than CVE-2013-3653...

Cross site scripting

Cross-site scripting XSS vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-3396

Cross-site scripting XSS vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance SMA devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749...

CVE-2013-3396

Cross-site scripting XSS vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance SMA devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749...

CVE-2013-1971

Cross-site scripting XSS vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file...

CVE-2013-2129

The CVE-2013-2129 issue affects the Drupal Webform module (6.x-3.x) prior to 6.x-3.19. It is a Cross-site Scripting (XSS) vulnerability whereby remote authenticated users with the "edit own webform content" or "edit all webform content" permissions can inject arbitrary web script or HTML via a co...

CVE-2013-0548

Multiple cross-site scripting XSS vulnerabilities in the Basic Services component in IBM Tivoli Monitoring ITM 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business formerly Tivoli Foundations Application Manager 1.2.1...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Basic Services component in IBM Tivoli Monitoring ITM 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business formerly Tivoli Foundations Application Manager 1.2.1...

CVE-2013-1905

Cross-site scripting XSS vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels...

Cross site scripting

Cross-site scripting XSS vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management ZCM 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event...

CVE-2012-6564

Cross-site scripting XSS vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Server: Multiple XSS vulnerabilities

Cross-site scripting XSS vulnerabilities in js/viewer.js inside the filesvideoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files. CVE-2013-2150...