Search Results (47151 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5903 1 Simple Machines 1 Smf 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
CVE-2013-5222 1 Esri 1 Arcgis Server 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5902 1 Dflabs 1 Ptk 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
CVE-2013-1227 1 Cisco 1 Unified Communications Domain Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902.
CVE-2013-5218 1 Hot 2 Hotbox Router, Hotbox Router Firmware 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp.
CVE-2012-4345 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
CVE-2012-5889 2 Alex Kellner, Typo3 2 Powermail, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5888 2 Benjamin Mack, Typo3 2 Seo Basics, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4344 1 Progress 1 Whatsup Gold 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.
CVE-2012-4342 1 Menalto 1 Gallery 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3639 1 Xaraya 1 Xaraya 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
CVE-2013-5020 1 Minibb 1 Minibb 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.
CVE-2013-0708 1 Bayashi 1 Dopvcomet\* 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.
CVE-2010-3317 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1244 1 Cisco 1 Webex Social 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199.
CVE-2013-0709 1 Bayashi 1 Dopvstar\* 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.
CVE-2012-5882 1 Yahoo 1 Yui 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
CVE-2013-1247 1 Cisco 1 Prime Infrastructure 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356.
CVE-2013-7002 1 Livezilla 1 Livezilla 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter.
CVE-2012-2331 1 S9y 1 Serendipity 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).