CVE-2020-35416

Multiple cross-site scripting XSS vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage with different request parameters, allows remote attackers to inject arbitrary web script or HTML...

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

CVE-2020-19626

Cross Site Scripting XSS vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new...

CVE-2020-25343

Cross-site scripting XSS vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields'body' param via events\event.publisharticle.php...

CVE-2020-27182

Multiple cross-site scripting XSS vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, jobjacketdetail.jsp, ixedit/editorcomponent.jsp, or the login form...

CVE-2014-3960

Multiple cross-site scripting XSS vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-9443

Cross-site scripting XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-9236

Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...

CVE-2010-1014

Cross-site scripting XSS vulnerability in the Reports Logfile View reportslogview extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-2275

Cross-site scripting XSS vulnerability in dijit/tests/testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/testButton.html...

CVE-2010-2671

Cross-site scripting XSS vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter...

CVE-2010-4718

Multiple cross-site scripting XSS vulnerabilities in the Lyftenbloggie comlyftenbloggie component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 tag and 2 category parameters to index.php...

CVE-2012-6312

Cross-site scripting XSS vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php...

CVE-2012-6557

Multiple cross-site scripting XSS vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the 1 AboutMe/RealName, 2 AboutMe/Name, 3 AboutMe/Quote, 4 AboutMe/Loc, 5 AboutMe/Emp, 6 AboutMe/JobTit, 7 AboutMe/HS, 8 AboutMe/Col, ...

CVE-2012-2585

Multiple cross-site scripting XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the...

CVE-2012-4932

Multiple cross-site scripting XSS vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via 1 the having parameter in a manage action to index.php; 2 the Email field in an Add User action; 3 the Customer Name field in an Add...

CVE-2012-4246

Multiple cross-site scripting XSS vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the 1 page parameter; or the 2 footer, 3 status, or 4 testtarget parameter in the send page...

CVE-2013-3501

Multiple cross-site scripting XSS vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the foundation-webapp/admin/ directory, 2 the NeDi component, or 3 the Noma component...

CVE-2013-3372

Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting XSS attacks via unspecified vectors...

CVE-2013-5670

Cross-site scripting XSS vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the torlist parameter...