CVE-2012-6043

Cross-site scripting XSS vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the catid parameter...

CVE-2012-2247

Cross-site scripting XSS vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file...

CVE-2012-6037

Multiple cross-site scripting XSS vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the 1...

Cross site scripting

Cross-site scripting XSS vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execut...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the 1...

CVE-2012-6037

Multiple cross-site scripting XSS vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the 1...

CVE-2012-2243

Cross-site scripting XSS vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execut...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in admin/code/tceselectuserspopup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the 1 cid or 2 uids parameter...

CVE-2012-2084

Cross-site scripting XSS vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATHINFO...

Cross site scripting

Cross-site scripting XSS vulnerability in Google Web Toolkit GWT 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4563

Cross-site scripting XSS vulnerability in Google Web Toolkit GWT 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4950

Cross-site scripting XSS vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of error messages...

Cross site scripting

Cross-site scripting XSS vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of error messages...

CVE-2012-4938

Cross-site scripting XSS vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message...

Cross site scripting

Cross-site scripting XSS vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message...

CVE-2012-4938

Cross-site scripting XSS vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message...

CVE-2012-4950

Cross-site scripting XSS vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of error messages...

CVE-2012-5914

Multiple cross-site scripting XSS vulnerabilities in the sedimport function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the 1 newmsg or 2 rtext parameter. NOTE: some of these details are obtained from third party...

CVE-2012-5903

Cross-site scripting XSS vulnerability in Simple Machines Forum SMF 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php...

CVE-2012-5902

Cross-site scripting XSS vulnerability in ptk/lib/modalbookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter...