CVE-2010-1856

Cross-site scripting XSS vulnerability in index.php in RepairShop2 1.9.023 Trial, when magicquotesgpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action...

CVE-2010-1541

Multiple cross-site scripting XSS vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 category and 2 listquantity parameters to index.php, and the 3 category parameter to your.order.php...

CVE-2010-2970

Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 action/SlideShow.py, 2 action/anywikidraw.py, and 3 action/languagesetup.py, a similar issue to CVE-2010-2487...

CVE-2010-4412

Multiple cross-site scripting XSS vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via 1 the id parameter in an olsrd.xml action to pkgedit.php, 2 the xml parameter to pkg.php, or the if parameter to 3 statusgraph.php or 4 interfaces.php, a differe...

CVE-2010-4246

Multiple cross-site scripting XSS vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the 1 ifnum or 2 ifname parameter, a different vulnerability than CVE-2008-1182...

CVE-2010-0699

Cross-site scripting XSS vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2012-5606

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 file name to apps/filesversions/js/versions.js or 2 apps/files/js/filelist.js; or 3 event title to 3rdparty/fullcalendar/js/fullcalendar.js...

CVE-2012-1898

Multiple cross-site scripting XSS vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 username, 2 useremail, or 3 userusername parameters...

CVE-2012-1000

Multiple cross-site scripting XSS vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the 1 message parameter to admins/login/forgot/index.php, or the 2 displayname or 3 email parameter to account/preferences.php...

CVE-2012-1613

Cross-site scripting XSS vulnerability in editonepic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter...

CVE-2012-2648

Cross-site scripting XSS vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser...

CVE-2012-2064

Cross-site scripting XSS vulnerability in theme/viewslangswitch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2012-4396

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 file names to apps/userldap/settings.php; 2 url or 3 title parameter to apps/bookmarks/ajax/editBookmark.php; 4 tag or 5 page parameter to...

CVE-2012-4532

Cross-site scripting XSS vulnerability in modules/modlanguages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php. NOTE: some of these details are obtained from third party...

CVE-2012-4541

Cross-site scripting XSS vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4602

Multiple cross-site scripting XSS vulnerabilities in admin/code/tceselectuserspopup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the 1 cid or 2 uids parameter...

CVE-2013-7275

Cross-site scripting XSS vulnerability in misc.php in MyBB aka MyBulletinBoard before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup...

CVE-2013-7231

Cross-site scripting XSS vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222...

CVE-2013-3589

Cross-site scripting XSS vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter...

CVE-2013-3652

Cross-site scripting XSS vulnerability in data/class/pages/products/LCPageProductsList.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategoryid2 field, a different vulnerability than CVE-2013-3653...