Cross site scripting

Cross-site scripting XSS vulnerability in account-closed.tcl in project-open aka po 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the 1 visitorlanguage parameter to register.php or 2 message parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in includes/convert.php in D-Mack Media Currency Converter modcurrencyconverter module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parameter...

CVE-2012-1028

Cross-site scripting XSS vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parameter...

CVE-2012-1005

Multiple cross-site scripting XSS vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using 1 Blog/MyFirstBlog.txt or 2 Blog/AboutSomething.txt...

CVE-2012-1007

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via 1 the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to 2 struts-cookbook/processSimple.do or 3...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via 1 the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to 2 struts-cookbook/processSimple.do or 3...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...

CVE-2012-1006

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...

Cross site scripting

Cross-site scripting XSS vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime...

CVE-2012-0979

Cross-site scripting XSS vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving 1 registration or 2 editing of the user...

CVE-2012-0976

Cross-site scripting XSS vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information...

Cross site scripting

Cross-site scripting XSS vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving 1 registration or 2 editing of the user...

CVE-2012-0446

Multiple cross-site scripting XSS vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a 1 web page or 2 Firefox extension, related to improper enforcement of XPConnect security...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a 1 web page or 2 Firefox extension, related to improper enforcement of XPConnect security...

CVE-2012-0446

Multiple cross-site scripting XSS vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a 1 web page or 2 Firefox extension, related to improper enforcement of XPConnect security...

Cross site scripting

DISPUTED Multiple cross-site scripting XSS vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dbhost, 2 dbname, or 3 uname parameter. NOTE: the vendor disputes the...

Cross site scripting

Cross-site scripting XSS vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...