CVE-2011-5081

Cross-site scripting XSS vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi...

flash-plugin: universal cross-site scripting flaw (APSB12-03)

Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via...

Oracle WebCenter Content idc/idcplg Multiple Parameter XSS

Oracle WebCenter Content script '/idc/idcplg' contains several parameters that are incorrectly filtered, including 'sltPageTitle' and 'redirectPageTitle'. This makes the WebCenter Content install susceptible to a reflected cross-site scripting attack. By tricking someone into clicking on a...

CVE-2011-5080

Cross-site scripting XSS vulnerability in lib/class.txjftcaformstceFunc.php in the Additional TCA Forms jftcaforms extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

EUVD-2012-1096

Cross-site scripting XSS vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the valuetitle parameter, as demonstrated using the "Front" field in the shirt module...

UBUNTU-CVE-2012-0834

Cross-site scripting XSS vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a queryengine action to cmd.php...

JON: Multiple XSS flaws

Multiple cross-site scripting XSS vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network aka JON or JBoss ON before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PT-2012-2868 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the dbhost, dbname, or uname parameters in the wp-admin/setup-config.php file. The vendor disputes the significance...

CVE-2011-5073

Multiple cross-site scripting XSS vulnerabilities in Support Incident Tracker aka SiT! before 3.65 allow remote attackers to inject arbitrary web script or HTML via the 1 mode parameter to contactsupport.php; 2 contractid parameter to contractaddservice.php; 3 user parameter to editbackupusers.ph...

WordPress Plugin Count Per Day - Multiple Vulnerabilities

Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS Version: '...

WordPress Plugin Count Per Day - Multiple Vulnerabilities

WordPress Plugin Count Per Day - Multiple Vulnerabilities Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS Version: '...

WordPress Count per Day Plugin - Multiple Vulnerabilities

WordPress Count per Day plugin is prone to multiple vulnerabilities such as XSS and user could call a remote script to download arbitrary file from the target system. Solution Update the plugin...

CVE-2011-4778

CVE-2011-4778 affects Splunk Web in Splunk 4.2.x up to, but not including, 4.2.5. It is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (aka SPL-44614). Impact is remote code execution of scripts within the bro...

DEBIAN-CVE-2011-4782

Cross-site scripting XSS vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

UBUNTU-CVE-2011-4344

Cross-site scripting XSS vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...

CVE-2011-4563

CVE-2011-4563 affects JAKCMS web app: XSS in index.php affecting 2.0.4.1 and possibly earlier versions up to 2.2.6, exploitable via the userpost parameter in a PM request and related to tinymce. The concrete vulnerability is a cross-site scripting flaw that allows remote attackers to inject arbit...

PT-2011-4932 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 3.1.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the username parameter in a setup action to "admin/company.php", or the PATH INFO to "admin/security...

DEBIAN-CVE-2011-2770

Cross-site scripting XSS vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages...

flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26

Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as...

DEBIAN-CVE-2011-4074

Cross-site scripting XSS vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an debug command...