15795 matches found
CVE-2019-10336
A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin...
CVE-2019-10346
A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin...
CVE-2010-2700
Cross-site scripting XSS vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script CBQuick allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2019-13975
eGain Chat 15.0.3 allows HTML Injection...
CVE-2012-3872
Multiple cross-site scripting XSS vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to data/file/edit.php, 2 the q parameter to confirm.php, or 3 the keyword parameter to users/users.php...
CVE-2012-3832
Cross-site scripting XSS vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to 1 b or 2 div tags...
CVE-2011-4827
Multiple cross-site scripting XSS vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 p parameter to redirect.php and 2 box parameter to includes/TrueColorPicker/index.php, which is not properly handled in...
CVE-2011-4806
Multiple cross-site scripting XSS vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 var1 and 2 keyword parameters...
CVE-2013-0938
Cross-site scripting XSS vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-3856
Cross-site scripting XSS vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2019-15331
The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection...
CVE-2010-2365
Cross-site scripting XSS vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-1373
Multiple cross-site scripting XSS vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter in a search request, 2 username in a login request, which is not properly handled when logging the event, or 3 page titl...
CVE-2011-4563
Cross-site scripting XSS vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from...
CVE-2012-6458
Multiple cross-site scripting XSS vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the 1 FirstName, 2 Surname, or 3 Email parameter to code/forms/OrderFormAddress.php; or the 4 FirstName or 5 Surname...
CVE-2019-10376
A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...
CVE-2019-10360
A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
CVE-2019-1003023
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...
CVE-2019-0308
An authenticated attacker in SAP E-Commerce Business-to-Consumer application, versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even...
CVE-2010-2779
Cross-site scripting XSS vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."...