3727 matches found
CVE-2011-5082
Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2memberproauthnetcheckoutcoupon parameter (aka Coupon Code field)...
CVE-2012-1099
Cross-site scripting (XSS) vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...
CVE-2011-5081
Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi...
flash-plugin: universal cross-site scripting flaw (APSB12-03)
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via...
CVE-2011-5080
Cross-site scripting (XSS) vulnerability in lib/class.txjftcaformstceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
EUVD-2012-1096
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the valuetitle parameter, as demonstrated using the "Front" field in the shirt module...
UBUNTU-CVE-2012-0834
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a queryengine action to cmd.php...
JON: Multiple XSS flaws
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2012-2868 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier
Description: The issue allows remote attackers to inject arbitrary web script or HTML via the dbhost, dbname, or uname parameters in the wp-admin/setup-config.php file. The vendor disputes the significance...
CVE-2011-5073
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contactsupport.php; (2) contractid parameter to contractaddservice.php; (3) user parameter to editbackupusers.ph...
CVE-2011-4778
CVE-2011-4778 affects Splunk Web in Splunk 4.2.x up to, but not including, 4.2.5. It is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (aka SPL-44614). Impact is remote code execution of scripts within the bro...
UBUNTU-CVE-2011-4344
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...
CVE-2011-4563
CVE-2011-4563 affects JAKCMS web app: XSS in index.php affecting 2.0.4.1 and possibly earlier versions up to 2.2.6, exploitable via the userpost parameter in a PM request and related to tinymce. The concrete vulnerability is a cross-site scripting flaw that allows remote attackers to inject arbit...
PT-2011-4932 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 3.1.0
Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the username parameter in a setup action to "admin/company.php", or the PATH INFO to "admin/security...
DEBIAN-CVE-2011-2770
Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages...
DEBIAN-CVE-2011-4074
Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a debug command...
CVE-2010-4985
Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to inject arbitrary web script or HTML via vectors involving the "Enter Reference Number Below" text box...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the fsearchkeywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2011-4064
Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...
UBUNTU-CVE-2011-3243
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows...