CVE-2012-4890

Multiple cross-site scripting XSS vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a 1 comment to the news, 2 title to the news, or 3 the folder names in a gallery...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database CCMDB, allows remote authenticated users to inject...

CVE-2011-4942

Multiple cross-site scripting XSS vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the 1 subgroup or 2 confgroup parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF...

Cross site scripting

Cross-site scripting XSS vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566...

Cross site scripting

Cross-site scripting XSS vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter...

CVE-2012-1648

Cross-site scripting XSS vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-1469

Multiple cross-site scripting XSS vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the 1 editor or 2 callback parameters to lib/pkp/lib/tinymce/jscripts/tinymce/plugins/ibrowser/ibrowser.php in th...

CVE-2012-1469

Multiple cross-site scripting XSS vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the 1 editor or 2 callback parameters to lib/pkp/lib/tinymce/jscripts/tinymce/plugins/ibrowser/ibrowser.php in th...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the 1 editor or 2 callback parameters to lib/pkp/lib/tinymce/jscripts/tinymce/plugins/ibrowser/ibrowser.php in th...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 user, 2 email, 3 email2, 4 f17zip, or 5 agree parameter to join.php; 6 PATHINFO, 7 st, 8 f17city, 9 f17country, 10 f17state, 11 f17zip, 12 f19, 13...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 calendar displayname to part.choosecalendar.rowfields.php or 2 part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or 3 unspecified...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 file names to apps/userldap/settings.php; 2 url or 3 title parameter to apps/bookmarks/ajax/editBookmark.php; 4 tag or 5 page parameter to...

CVE-2012-2068

Multiple cross-site scripting XSS vulnerabilities in fancyslide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancyslide permission to inject arbitrary web script or HTML via the 1 nodetitle or 2 nodequeuetitle parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in fancyslide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancyslide permission to inject arbitrary web script or HTML via the 1 nodetitle or 2 nodequeuetitle parameter...

CVE-2012-2068

Multiple cross-site scripting XSS vulnerabilities in fancyslide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancyslide permission to inject arbitrary web script or HTML via the 1 nodetitle or 2 nodequeuetitle parameter...

CVE-2011-4950

Cross-site scripting XSS vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line EPL before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2011-5143

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfname, 2 tfdelegation, and 3 tfip parameters to index.php. NOTE: the provenance of this information is unknown; th...

CVE-2011-5142

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfdelegation, 2 tfip, or 3 tfname parameter in a search action to host/hostindex.php; 4 login parameter to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the 1 ipaddress or 2 domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance ...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfdelegation, 2 tfip, or 3 tfname parameter in a search action to host/hostindex.php; 4 login parameter to...