Search Results (47297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5585 2 Drupal, Mixpanel Project 2 Drupal, Mixpanel 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.
CVE-2012-5349 1 Wordpress 2 Pay-with-tweet, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
CVE-2012-5455 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
CVE-2013-3025 1 Ibm 1 Rational Focal Point 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1232 2 Foliovision, Wordpress 2 Foliopress Wysiwyg, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0323 2 Display Suite Project, Drupal 2 Ds, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field.
CVE-2013-3262 2 Mikejolley, Wordpress 2 Download Monitor, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVE-2012-4262 1 Hccgmbh 1 Mycare2x 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.
CVE-2013-3267 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3261 2 Photogallerycreator, Wordpress 2 Flash-album-gallery, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.
CVE-2012-5460 1 Juniper 17 Fips Secure Access 4000, Fips Secure Access 4500, Fips Secure Access 6000 and 14 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.
CVE-2013-3263 1 Smackcoders 1 Wp Ultimate Email Marketer Plugin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php.
CVE-2013-4676 1 Symantec 1 Backup Exec 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.
CVE-2013-4674 1 Symantec 2 Encryption Management Server, Pgp Universal Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
CVE-2013-4670 1 Symantec 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4266 1 Itechscripts 1 Proman Xpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information.
CVE-2014-0668 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.
CVE-2012-4267 1 Pu-gh 1 Sockso 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2013-5326 1 Adobe 1 Coldfusion 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory.
CVE-2012-4273 2 Ppfeufer, Wordpress 2 2-click-social-media-buttons, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.