CVE-2019-5928

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function...

CVE-2019-6002

Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-17504

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. A reflected Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter...

CVE-2011-3990

Cross-site scripting XSS vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-3684

Multiple cross-site scripting XSS vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via 1 the siteid parameter to logbook.asp, 2 the siteid parameter to monitor-events.asp, 3 the siteid parameter to...

CVE-2011-3371

Multiple cross-site scripting XSS vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 formsent, 3 csrftoken, 4 reqconfirm, or 5 delete parameter to delete.php, the 6 id, 7 formsent, 8 csrftoken, 9 reqmessage,...

CVE-2011-3010

Multiple cross-site scripting XSS vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or 2 the query string to SlideShow.pm in the...

CVE-2011-5285

Multiple cross-site scripting XSS vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via 1 the ActionType parameter to Bug.php, the ReportMode parameter to 2 Report.php or 3 ReportLeft.php, or the PATHINFO to 4 AdminProjectList.php, 5 AdminGroupList.php...

CVE-2011-1034

Cross-site scripting XSS vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. NOTE: some of these details are obtained from third party information...

CVE-2011-1339

Cross-site scripting XSS vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-2771

Multiple cross-site scripting XSS vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 URI attributes and 2 the External Feed component, as demonstrated by the guid element in an RSS feed...

CVE-2011-4038

Cross-site scripting XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

CVE-2011-4809

Multiple cross-site scripting XSS vulnerabilities in the HM Community comhmcommunity component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 language, 2 university, 3 persent, 4 companyname, 5 designation, 6 music, 7 books, 8 movies, 9 games, 10...

CVE-2011-4909

Multiple cross-site scripting XSS vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTPREFERER header to 1 components/comcontent/views/article/tmpl/form.php, 2 components/comuser/controller.php, 3 plugins/system/legacy/html.php, or 4...

CVE-2015-7708

Cross-site scripting XSS vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the catdescription parameter in an updatecat action to admin/categories.php...

CVE-2015-1565

Cross-site scripting XSS vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers...

CVE-2015-1575

Multiple cross-site scripting XSS vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the 1 c, 2 i, 3 l, or 4 p parameter to index.php; the 5 a or 6 b parameter to u5admin/cookie.php; the name parameter to 7 copy.php or 8 delete.php in u5admin/;...

CVE-2015-6807

Cross-site scripting XSS vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label...

CVE-2015-2244

Multiple cross-site scripting XSS vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the 1 param, 2 center, 3 lap, 4 termid, or 5 nyelvid parameter to index.php...

CVE-2016-3968

Multiple cross-site scripting XSS vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web scrip...