CVE-2010-1482

Cross-site scripting XSS vulnerability in admin/editprefs.php in the backend in CMS Made Simple CMSMS before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the dateformatstring parameter...

CVE-2010-4779

Cross-site scripting XSS vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouchsettings parameter to include/adsense-new.php. NOTE: some of these details are obtained from...

CVE-2010-1076

Cross-site scripting XSS vulnerability in index.php in Entry Level CMS EL CMS allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...

CVE-2012-2331

Cross-site scripting XSS vulnerability in serendipity/serendipityadminimageselector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipitytextarea parameter. NOTE: this issue might be resultant from cross-site request forgery CSRF...

CVE-2014-8364

Cross-site scripting XSS vulnerability in sshandler.php in the WordPress Spreadsheet wpSS plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...

CVE-2015-6509

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 proxypass parameter to systemadvancedmisc.php; 2 adaptiveend, 3 adaptivestart, 4 maximumstates, 5 maximumtableentries, or 6 aliasesresolveinterval...

CVE-2011-3859

Cross-site scripting XSS vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...

CVE-2012-5184

Cross-site scripting XSS vulnerability in the Olive Toast Documents Pro File Viewer formerly Files HD app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-5150

Multiple cross-site scripting XSS vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the 1 query parameter in the runqueryeditorquery module to CustomReportHandler.do, 2 compAcct parameter to jsp/ResetADPwd.jsp,...

CVE-2015-6921

Cross-site scripting XSS vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-5181

Cross-site scripting XSS vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-6528

Multiple cross-site scripting XSS vulnerabilities in installclassic.php in Coppermine Photo Gallery CPG 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the 1 adminusername, 2 adminpassword, 3 adminemail, 4 dbserver, 5 dbname, 6 dbuser, 7 dbpass, 8 tableprefix, or 9 impath...

CVE-2014-5345

Cross-site scripting XSS vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...

CVE-2014-5344

Multiple cross-site scripting XSS vulnerabilities in the Mobiloud mobiloud-mobile-app-plugin plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVE-2013-1114

Multiple cross-site scripting XSS vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527...

CVE-2013-0317

Cross-site scripting XSS vulnerability in the Manager Change for Organic Groups ogmanagerchange module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field...

CVE-2012-5608

Cross-site scripting XSS vulnerability in apps/userwebdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters...

CVE-2012-2235

Cross-site scripting XSS vulnerability in Support Incident Tracker SiT! 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message...

CVE-2010-2675

Cross-site scripting XSS vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action...

CVE-2009-3225

Multiple cross-site scripting XSS vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via 1 the page parameter in a browse action to index.php or 2 the addr parameter to...