15795 matches found
CVE-2010-1112
Cross-site scripting XSS vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2010-2281
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...
CVE-2010-4610
Cross-site scripting XSS vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter...
CVE-2010-4607
Multiple cross-site scripting XSS vulnerabilities in Habari 0.6.5, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 additemform parameter to system/admin/dashadditem.php and the 2 statusdata parameter to system/admin/dashstatus.php. NOTE: so...
CVE-2010-0606
Cross-site scripting XSS vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php...
CVE-2010-1371
Cross-site scripting XSS vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter...
CVE-2012-5587
Cross-site scripting XSS vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link...
CVE-2012-5606
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 file name to apps/filesversions/js/versions.js or 2 apps/files/js/filelist.js; or 3 event title to 3rdparty/fullcalendar/js/fullcalendar.js...
CVE-2012-1612
Cross-site scripting XSS vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-1604
Cross-site scripting XSS vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php...
CVE-2012-6339
Multiple cross-site scripting XSS vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow 1 remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow 2 remote...
CVE-2012-6566
Cross-site scripting XSS vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2571
Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
CVE-2012-4932
Multiple cross-site scripting XSS vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via 1 the having parameter in a manage action to index.php; 2 the Email field in an Add User action; 3 the Customer Name field in an Add...
CVE-2012-4541
Cross-site scripting XSS vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4394
Cross-site scripting XSS vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2012-4342
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4968
Multiple cross-site scripting XSS vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted string to the AbsoluteLinks, 2 BigSummary, 3 ContextSummary, 4 EscapeXML, 5 FirstParagraph, 6 FirstSentence, 7...
CVE-2012-0312
Cross-site scripting XSS vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-0296
Multiple cross-site scripting XSS vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...