15796 matches found
CVE-2016-10508
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php...
CVE-2013-0738
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php...
CVE-2019-19738
logfileviewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS...
CVE-2019-10475
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...
CVE-2011-5309
Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2012-2637
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie...
CVE-2015-4457
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors...
CVE-2019-6033
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-5926
Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-4716
Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-3562
A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11...
CVE-2010-2509
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php...
CVE-2011-2673
Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-1363
Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/...
CVE-2011-4647
Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags...
CVE-2012-2634
Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed...
CVE-2019-25144
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrator...
CVE-2011-3999
Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed...
CVE-2013-4703
Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-19386
A cross-site scripting (XSS) vulnerability in app/voicemailgreetings/voicemailgreetingedit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemailid parameter...