CVE-2018-15574

An issue was discovered in the license editor in Reprise License Manager RLM through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/editlfgetdata lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."...

CVE-2012-6007

Cross-site scripting XSS vulnerability in screens/base/webauthcustom.html on Cisco Wireless LAN Controller WLC devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than...

CVE-2012-2309

Cross-site scripting XSS vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2064

Cross-site scripting XSS vulnerability in theme/viewslangswitch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2013-1227

Cross-site scripting XSS vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902...

CVE-2013-0582

Cross-site scripting XSS vulnerability in IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway TFIMBG 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject...

CVE-2017-9836

Cross-site scripting XSS vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtualname parameter to /admin.php i.e., creating a virtual album...

CVE-2017-15009

PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm the error page, via the errormsg parameter...

CVE-2019-5937

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information...

CVE-2019-0329

SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2019-17276

OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field...

CVE-2019-17189

totemodata 3.0.0b936 has XSS via a folder name...

CVE-2011-10006

A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to...

CVE-2018-25051

A vulnerability, which was classified as problematic, was found in JmPotato Pomash. This affects an unknown part of the file Pomash/theme/clean/templates/editor.html. The manipulation of the argument article.title/content.title/article.tag leads to cross site scripting. It is possible to initiate...

CVE-2014-10392

The cforms2 plugin before 10.2 for WordPress has XSS...

CVE-2019-6011

Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-14415

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. A persistent cross-site scripting XSS vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that a...

CVE-2019-0281

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2019-14471

TestLink 1.9.19 has XSS via the error.php message parameter...

CVE-2019-0385

SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...