Search Results (47251 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4183 2 Htmlpurifier, Microsoft 2 Htmlpurifier, Internet Explorer 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
CVE-2010-4030 1 Hp 1 Insight Control Performance Management 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4023 1 Hp 1 Insight Control Power Management 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3690 1 Apereo 1 Phpcas 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.
CVE-2014-1869 2 Redhat, Zeroclipboard Project 2 Openshift, Zeroclipboard 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
CVE-2012-3846 1 Atmoner 1 Php-pastebin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2012-4928 1 Oxwall 1 Oxwall 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
CVE-2012-4923 1 Endian 1 Firewall 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
CVE-2012-3844 1 Vbulletin 1 Vbulletin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post.
CVE-2012-4336 1 Mike Carr 1 Flogr 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.
CVE-2010-3994 1 Hp 2 Hp, Version Control Repository Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3233 1 Kayako 1 Fusion 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-2156 1 Plume-cms 1 Plume Cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.
CVE-2010-3991 1 Hp 2 Insight Control Server Migration, Insight Control Server Migration6.0.1 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3693 1 Horde 2 Dynamic Imp, Groupware 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
CVE-2010-4718 2 Joomla, Lyften 2 Joomla\!, Com Lyftenbloggie 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php.
CVE-2012-4273 2 Ppfeufer, Wordpress 2 2-click-social-media-buttons, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
CVE-2012-4267 1 Pu-gh 1 Sockso 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2014-1879 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
CVE-2010-2228 1 Moodle 1 Moodle 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.