CVE-2011-1221

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zon...

CVE-2011-5317

Cross-site scripting XSS vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter...

CVE-2011-5299

Multiple cross-site scripting XSS vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupname parameter to...

CVE-2011-5305

Multiple cross-site scripting XSS vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via 1 the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, 2 the typ parameter to cgi-bin/admin/artikeladmin.cgi, or 3 the suchbegriff parameter to...

CVE-2011-5301

Multiple cross-site scripting XSS vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via 1 the storyurl parameter to addstory.php, 2 the email parameter to editprofile.php, 3 the title parameter to adm/contentadd.php, or 4 the username parameter to...

CVE-2011-5256

Cross-site scripting XSS vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters...

CVE-2011-5257

Multiple cross-site scripting XSS vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 twitterid parameter related to the Twitter widget and 2 facebookid parameter related to the Facebook widget...

CVE-2014-9243

Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...

CVE-2011-5159

Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...

CVE-2013-3616

Cross-site scripting XSS vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter...

CVE-2014-9098

Multiple cross-site scripting XSS vulnerabilities in the Apptha WordPress Video Gallery contus-video-gallery plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to 1...

CVE-2014-9100

Cross-site scripting XSS vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydoworkadsense page to wp-admin/options-general.php...

CVE-2012-4043

Cross-site scripting XSS vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a...

CVE-2012-4015

Cross-site scripting XSS vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry...

CVE-2011-4750

Multiple cross-site scripting XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files...

CVE-2010-4886

Cross-site scripting XSS vulnerability in the "official twitter tweet button for your page" tweetbutton extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-1482

Cross-site scripting XSS vulnerability in admin/editprefs.php in the backend in CMS Made Simple CMSMS before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the dateformatstring parameter...

CVE-2010-4779

Cross-site scripting XSS vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouchsettings parameter to include/adsense-new.php. NOTE: some of these details are obtained from...

CVE-2010-1076

Cross-site scripting XSS vulnerability in index.php in Entry Level CMS EL CMS allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...

CVE-2012-2331

Cross-site scripting XSS vulnerability in serendipity/serendipityadminimageselector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipitytextarea parameter. NOTE: this issue might be resultant from cross-site request forgery CSRF...