CVE-2020-11727

A cross-site scripting XSS vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woeposttype parameter...

CVE-2014-3974

Cross-site scripting XSS vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter...

CVE-2014-9241

Multiple cross-site scripting XSS vulnerabilities in MyBB aka MyBulletinBoard 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the 1 type parameter to report.php, 2 signature parameter in a doeditsig action to usercp.php, or 3 title parameter in the...

CVE-2014-9434

Cross-site scripting XSS vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter...

CVE-2014-9364

Cross-site scripting XSS vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-9741

Multiple cross-site scripting XSS vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-2231

Cross-site scripting XSS vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title...

CVE-2014-4742

Cross-site scripting XSS vulnerability in system/classlink.php in the System module modulesystem in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php...

CVE-2014-8307

Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...

CVE-2010-3012

Cross-site scripting XSS vulnerability in HP System Management Homepage SMH before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error...

CVE-2010-1856

Cross-site scripting XSS vulnerability in index.php in RepairShop2 1.9.023 Trial, when magicquotesgpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action...

CVE-2010-1541

Multiple cross-site scripting XSS vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 category and 2 listquantity parameters to index.php, and the 3 category parameter to your.order.php...

CVE-2010-2970

Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 action/SlideShow.py, 2 action/anywikidraw.py, and 3 action/languagesetup.py, a similar issue to CVE-2010-2487...

CVE-2010-4412

Multiple cross-site scripting XSS vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via 1 the id parameter in an olsrd.xml action to pkgedit.php, 2 the xml parameter to pkg.php, or the if parameter to 3 statusgraph.php or 4 interfaces.php, a differe...

CVE-2010-4246

Multiple cross-site scripting XSS vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the 1 ifnum or 2 ifname parameter, a different vulnerability than CVE-2008-1182...

CVE-2010-0699

Cross-site scripting XSS vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2012-5606

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 file name to apps/filesversions/js/versions.js or 2 apps/files/js/filelist.js; or 3 event title to 3rdparty/fullcalendar/js/fullcalendar.js...

CVE-2012-1898

Multiple cross-site scripting XSS vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 username, 2 useremail, or 3 userusername parameters...

CVE-2012-1000

Multiple cross-site scripting XSS vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the 1 message parameter to admins/login/forgot/index.php, or the 2 displayname or 3 email parameter to account/preferences.php...

CVE-2012-1613

Cross-site scripting XSS vulnerability in editonepic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter...