CVE-2012-4905

Cross-site scripting XSS vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS UXSS."...

CVE-2010-5314

Cross-site scripting XSS vulnerability in controllers/homecontroller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index...

CVE-2013-5020

Multiple cross-site scripting XSS vulnerabilities in bbadmin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 forumname, 2 forumgroup, 3 forumicon, or 4 forumdesc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066...

CVE-2012-1064

Multiple cross-site scripting XSS vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-0820

Cross-site scripting XSS vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822...

CVE-2012-4469

Cross-site scripting XSS vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators...

CVE-2011-1334

Cross-site scripting XSS vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from...

CVE-2010-1276

Multiple cross-site scripting XSS vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to 1 AddPost.asp, 2 AddTopic.asp, 3 AdminDefault.asp, 4 Bank.asp, 5 Manage.asp, and 6 ShowPost.asp. NOTE: the provenance of this information i...

CVE-2010-4522

Multiple cross-site scripting XSS vulnerabilities in MyBB aka MyBulletinBoard 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 editpost.php, 2 member.php, and 3 newreply.php...

CVE-2012-4247

Multiple cross-site scripting XSS vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the 1 remoteuser, 2 remotedatabase, 3 remoteuserprefix, 4 remotepassword, or 5 remoteprefix parameter to the import4 page; or the ...

CVE-2011-1221

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zon...

CVE-2011-5317

Cross-site scripting XSS vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter...

CVE-2011-5299

Multiple cross-site scripting XSS vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupname parameter to...

CVE-2011-5305

Multiple cross-site scripting XSS vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via 1 the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, 2 the typ parameter to cgi-bin/admin/artikeladmin.cgi, or 3 the suchbegriff parameter to...

CVE-2011-5301

Multiple cross-site scripting XSS vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via 1 the storyurl parameter to addstory.php, 2 the email parameter to editprofile.php, 3 the title parameter to adm/contentadd.php, or 4 the username parameter to...

CVE-2011-5256

Cross-site scripting XSS vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters...

CVE-2011-5257

Multiple cross-site scripting XSS vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 twitterid parameter related to the Twitter widget and 2 facebookid parameter related to the Facebook widget...

CVE-2014-9243

Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...

CVE-2011-5159

Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...

CVE-2013-3616

Cross-site scripting XSS vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter...