CVE-2014-8364

Cross-site scripting XSS vulnerability in sshandler.php in the WordPress Spreadsheet wpSS plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...

CVE-2015-6509

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 proxypass parameter to systemadvancedmisc.php; 2 adaptiveend, 3 adaptivestart, 4 maximumstates, 5 maximumtableentries, or 6 aliasesresolveinterval...

CVE-2011-3859

Cross-site scripting XSS vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...

CVE-2012-5184

Cross-site scripting XSS vulnerability in the Olive Toast Documents Pro File Viewer formerly Files HD app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-5150

Multiple cross-site scripting XSS vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the 1 query parameter in the runqueryeditorquery module to CustomReportHandler.do, 2 compAcct parameter to jsp/ResetADPwd.jsp,...

CVE-2015-6921

Cross-site scripting XSS vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-5181

Cross-site scripting XSS vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-6528

Multiple cross-site scripting XSS vulnerabilities in installclassic.php in Coppermine Photo Gallery CPG 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the 1 adminusername, 2 adminpassword, 3 adminemail, 4 dbserver, 5 dbname, 6 dbuser, 7 dbpass, 8 tableprefix, or 9 impath...

CVE-2014-5345

Cross-site scripting XSS vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...

CVE-2014-5344

Multiple cross-site scripting XSS vulnerabilities in the Mobiloud mobiloud-mobile-app-plugin plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVE-2013-1114

Multiple cross-site scripting XSS vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527...

CVE-2013-0317

Cross-site scripting XSS vulnerability in the Manager Change for Organic Groups ogmanagerchange module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field...

CVE-2012-5608

Cross-site scripting XSS vulnerability in apps/userwebdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters...

CVE-2012-2235

Cross-site scripting XSS vulnerability in Support Incident Tracker SiT! 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message...

CVE-2010-2675

Cross-site scripting XSS vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action...

CVE-2009-3225

Multiple cross-site scripting XSS vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via 1 the page parameter in a browse action to index.php or 2 the addr parameter to...

CVE-2009-3192

Multiple cross-site scripting XSS vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the searchstr parameter in a search action; or the 2 nikname, 3 realname, 4 homepage, or 5 city parameter in a registration action...

CVE-2009-5142

Cross-site scripting XSS vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter...

CVE-2009-1880

Cross-site scripting XSS vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 model.php and 2 config.php with timestamps before 20090521...

CVE-2009-2442

Cross-site scripting XSS vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action...