CVE-2012-4015

Cross-site scripting XSS vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry...

CVE-2011-4750

Multiple cross-site scripting XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files...

CVE-2010-4886

Cross-site scripting XSS vulnerability in the "official twitter tweet button for your page" tweetbutton extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-1482

Cross-site scripting XSS vulnerability in admin/editprefs.php in the backend in CMS Made Simple CMSMS before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the dateformatstring parameter...

CVE-2010-4779

Cross-site scripting XSS vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouchsettings parameter to include/adsense-new.php. NOTE: some of these details are obtained from...

CVE-2010-1076

Cross-site scripting XSS vulnerability in index.php in Entry Level CMS EL CMS allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...

CVE-2012-2331

Cross-site scripting XSS vulnerability in serendipity/serendipityadminimageselector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipitytextarea parameter. NOTE: this issue might be resultant from cross-site request forgery CSRF...

CVE-2014-8364

Cross-site scripting XSS vulnerability in sshandler.php in the WordPress Spreadsheet wpSS plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...

CVE-2015-6509

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 proxypass parameter to systemadvancedmisc.php; 2 adaptiveend, 3 adaptivestart, 4 maximumstates, 5 maximumtableentries, or 6 aliasesresolveinterval...

CVE-2011-3859

Cross-site scripting XSS vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...

CVE-2012-5184

Cross-site scripting XSS vulnerability in the Olive Toast Documents Pro File Viewer formerly Files HD app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-5150

Multiple cross-site scripting XSS vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the 1 query parameter in the runqueryeditorquery module to CustomReportHandler.do, 2 compAcct parameter to jsp/ResetADPwd.jsp,...

CVE-2015-6921

Cross-site scripting XSS vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-5181

Cross-site scripting XSS vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-6528

Multiple cross-site scripting XSS vulnerabilities in installclassic.php in Coppermine Photo Gallery CPG 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the 1 adminusername, 2 adminpassword, 3 adminemail, 4 dbserver, 5 dbname, 6 dbuser, 7 dbpass, 8 tableprefix, or 9 impath...

CVE-2014-5345

Cross-site scripting XSS vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...

CVE-2014-5344

Multiple cross-site scripting XSS vulnerabilities in the Mobiloud mobiloud-mobile-app-plugin plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVE-2013-1114

Multiple cross-site scripting XSS vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527...

CVE-2013-0317

Cross-site scripting XSS vulnerability in the Manager Change for Organic Groups ogmanagerchange module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field...

CVE-2012-5608

Cross-site scripting XSS vulnerability in apps/userwebdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters...