Search Results (47349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1772 2 Apache, Opensymphony 3 Struts, Webwork, Xwork 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
CVE-2011-5128 2 Bueltge, Wordpress 2 Adminimize, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926.
CVE-2009-4975 1 Nokia 1 Qtdemobrowser 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.
CVE-2009-4976 2 Kde, Urs Wolfer 2 Konqueror, Kwebkitpart 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.
CVE-2010-4667 1 Coppermine-gallery 1 Coppermine Photo Gallery 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4984 1 Websitesrus 1 Accessories Me Php Affiliate Script 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.
CVE-2011-1838 1 Twiki 1 Twiki 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
CVE-2010-1389 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.
CVE-2011-1362 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308.
CVE-2010-4646 1 Hastymail 1 Hastymail2 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter.
CVE-2010-4642 1 Xwiki 1 Xwiki 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3805 1 Kajona 1 Kajona 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information.
CVE-2009-4991 1 Omnistaretools 1 Omnistar Recruiting 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter.
CVE-2010-4610 1 Html-edit 1 Html-edit Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2010-4555 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.
CVE-2010-4518 2 Wobeo, Wordpress 2 Wp-safe-search, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
CVE-2013-1614 1 Symantec 2 Security Information Manager, Security Information Manager Appliance 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2226 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.
CVE-2009-5092 1 Microsoft 2 Fast Esp, Sharepoint Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-5048 1 Ibm 1 Web Experience Factory 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo.