CVE-2015-1435

Cross-site scripting XSS vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php...

osTicket Cross-Site Scripting Vulnerability

osTicket is a WEB-based ticket e-commerce system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.9.5.1, which allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2015-1057

Cross-site scripting XSS vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value...

CVE-2014-10035

CVE-2014-10035 affects couponPHP before 1.2.0. The admin area is vulnerable to multiple XSS flaws where an attacker can inject arbitrary script/HTML via parameters such as sEcho in comments_paginate.php, stores_paginate.php, and several admin/index.php fields (affiliate_url, description, domain, ...

ZOHO ManageEngine ADSelfService Plus Cross-Site Scripting Vulnerability (CNVD-2015-00152)

ZOHO ManageEngine ADSelfService Plus is a secure, web-based end-user self-service password reset solution. A cross-site scripting vulnerability in ZOHO ManageEngine ADSelfService Plus prior to 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter in...

Cross site scripting

Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...

Cross site scripting

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

CVE-2014-8622

Cross-site scripting XSS vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...

CVE-2014-3473

Cross-site scripting XSS vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Tivoli Application Dependency Discovery Manager TADDM 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 action or 2 nsextt parameter to oc-admin/index.php or the 3 nsextt parameter in an itemsreported action to oc-admin/index.php...

UBUNTU-CVE-2014-6439

Cross-site scripting XSS vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PYSEC-2014-32

Cross-site scripting XSS vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PYSEC-2014-36

Cross-site scripting XSS vulnerability in pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "u,translate."...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management SPM 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

Cross site scripting

Cross-site scripting XSS vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

DEBIAN-CVE-2014-5262

SQL injection vulnerability in the graph settings script graphsettings.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2009-5142

Cross-site scripting XSS vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter...