CVE-2012-4492

Multiple cross-site scripting XSS vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the 1 report or 2 Custom Services...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 index.php, 2 modules/admin/adminmoduleindex.php, or 3 modules/calendar/customisecalendartimes.php; login parameter to 4 index.ph...

Cross site scripting

Cross-site scripting XSS vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php...

CVE-2011-5225

Cross-site scripting XSS vulnerability in wordpresssentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcmsodevelopername parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-53...

CVE-2012-5388

Cross-site scripting XSS vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcmsodevelopername parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-53...

CVE-2012-5169

Multiple cross-site scripting XSS vulnerabilities in filemanager/previewtop.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the 1 pathext, 2 popup, 3 framed, or 4 file parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in filemanager/previewtop.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the 1 pathext, 2 popup, 3 framed, or 4 file parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 multititle parameter to blocks/add/; 2 cost, 3 days, or 4 titleen parameter to plans/add/; 5 name or 6 titleen parameter to fields/group/add/ in...

Cross site scripting

Cross-site scripting XSS vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452...

CVE-2011-5211

Cross-site scripting XSS vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452...

WordPress White Label CMS Plugin <= 1.5 - XSS

Because of this vulnerability in wlcms-plugin.php, the authenticated administrators can inject arbitrary web script or HTML via the "wlcmsodevelopername" parameter. Solution Update the plugin...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the 1 $name or 2 $description variables in editentryhandler.php, or 3 $url, 4 $tempfullname, or 5 $extusers variables in viewentry.php, different vector...

CVE-2012-5384

CVE-2012-5384 and related entries describe multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar. The flaws allow remote attackers to inject arbitrary script/HTML by manipulating parameters in edit_entry_handler.php (name/description) and view_entry.php (url, tempfullna...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2012-5341

Multiple cross-site scripting XSS vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter, 2 show parameter in a stattld action, or 3 order parameter in a statabfragen action...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter, 2 show parameter in a stattld action, or 3 order parameter in a statabfragen action...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 link, 2 title, or 3 dl parameter...

CVE-2012-5341

Multiple cross-site scripting XSS vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter, 2 show parameter in a stattld action, or 3 order parameter in a statabfragen action...

CVE-2012-5349

Multiple cross-site scripting XSS vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 link, 2 title, or 3 dl parameter...