CVE-2012-4037

Multiple cross-site scripting XSS vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the 1 comment, 2 created by, or 3 name field in a torrent file...

CVE-2012-2076

Cross-site scripting XSS vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title...

Cross site scripting

Cross-site scripting XSS vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2300

Multiple cross-site scripting XSS vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2298

Multiple cross-site scripting XSS vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 "user names in page titles" and 2 "autocomplete callbacks."...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2300

Multiple cross-site scripting XSS vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to app/view/agenda-widget-form.php; 2 args, 3 title, 4 beforetitle, or 5 aftertitle parameter...

CVE-2012-1835

Multiple cross-site scripting XSS vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to app/view/agenda-widget-form.php; 2 args, 3 title, 4 beforetitle, or 5 aftertitle parameter...

CVE-2012-1835

Multiple cross-site scripting XSS vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to app/view/agenda-widget-form.php; 2 args, 3 title, 4 beforetitle, or 5 aftertitle parameter...

CVE-2012-4277

Cross-site scripting XSS vulnerability in the smartyfunctionhtmloptionsoptoutput function in distribution/libs/plugins/function.htmloptions.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4271

Multiple cross-site scripting XSS vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, 2 httpblkey, 3 httpblmaxage, 4 httpblthreat, 5...

Cross site scripting

Cross-site scripting XSS vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message...

CVE-2012-4273

Cross-site scripting XSS vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter...

CVE-2012-4271

Multiple cross-site scripting XSS vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, 2 httpblkey, 3 httpblmaxage, 4 httpblthreat, 5...

CVE-2012-4264

Multiple cross-site scripting XSS vulnerabilities in the Better WP Security betterwpsecurity plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263...

CVE-2012-2371

Cross-site scripting XSS vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the paginationwpfacethumb parameter...

CVE-2012-3869

Cross-site scripting XSS vulnerability in include/classes/class.rexlist.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php...

CVE-2012-4262

Multiple cross-site scripting XSS vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the 1 namelast, 2 namefirst, 3 namemiddle, or 4 namemaiden parameter to modules/patient/mycarepid.php; 5 favorites or 6 lang parameter to...