4584 matches found
PYSEC-2014-54
Multiple cross-site scripting XSS vulnerabilities in 1 spamProtect.py, 2 pts.py, and 3 request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
UBUNTU-CVE-2013-6047
Multiple cross-site scripting XSS vulnerabilities in the site creation interface in ikiwiki-hosting before 0.20131025 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
DEBIAN-CVE-2014-0081
Multiple cross-site scripting XSS vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the 1 format, 2 negativeformat, or 3 units...
Satellite/Spacewalk: XSS in EditAddress page
Cross-site scripting XSS vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network RHN Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter...
CVE-2014-1869
Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...
PT-2014-2144 · Red Hat · Spacewalk
Name of the Vulnerable Software and Affected Versions: Spacewalk version 1.6 Description: A cross-site scripting XSS issue exists in the Lookup Login/Password form, allowing remote attackers to inject arbitrary web script or HTML via the URI. This could potentially lead to unauthorized access or...
DEBIAN-CVE-2013-7303
Multiple cross-site scripting XSS vulnerabilities in 1 squelettes-dist/formulaires/inscription.php and 2 prive/forms/editerauteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field...
CVE-2012-6447
Concretely, CVE-2012-6447 affects Splunk Web in Splunk 5.0.0–5.0.2, where a cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary script/HTML via unspecified vectors. The issue is mitigated by upgrading to a fixed release (e.g., Splunk 5.0.3 or later) as indicated b...
DEBIAN-CVE-2010-5294
Multiple cross-site scripting XSS vulnerabilities in the requestfilesystemcredentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a 1 FTP or 2 SSH connection attempt...
Cross site scripting
Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...
UBUNTU-CVE-2014-0977
Cross-site scripting XSS vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
UBUNTU-CVE-2013-7077
Cross-site scripting XSS vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
UBUNTU-CVE-2013-6415
Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
UBUNTU-CVE-2013-4492
Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...
DEBIAN-CVE-2013-6395
Cross-site scripting XSS vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the hostregex parameter to the default URI, which is processed by getcontext.php...
CVE-2013-5563
Cross-site scripting XSS vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System CS-MARS allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173...
DEBIAN-CVE-2013-4249
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
CVE-2013-5943
Multiple cross-site scripting XSS vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
UBUNTU-CVE-2013-4341
Multiple cross-site scripting XSS vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed...
httpd: multiple XSS flaws due to unescaped hostnames
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...