5655 matches found
CVE-2010-2267
Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) t...
CVE-2012-6587
Cross-site scripting (XSS) vulnerability in vacation/1mobile/alertmembers.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the linkidd parameter in a login action...
CVE-2010-3285
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors...
CVE-2014-5199
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...
CVE-2010-2084
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute...
CVE-2010-2046
Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (comactivehelperlivehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php...
CVE-2013-5695
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATHINFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck...
CVE-2014-5016
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttributejson function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to...
CVE-2010-2987
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854...
CVE-2010-1985
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2012-1545
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012...
CVE-2010-3882
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut...
CVE-2018-20371
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.htmlpasswd1" and "GET /login.htmlpasswd2" and so on...
CVE-2012-3251
Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-0736
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via...
CVE-2013-4507
Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-4263
Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2969
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request...
CVE-2012-5692
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors...
CVE-2013-4378
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header...