Export limit exceeded: 47293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47293 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0846 1 K5n 1 Webcalendar 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.
CVE-2012-4712 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2025-04-11 N/A
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.
CVE-2013-5108 1 Rockmongo 1 Rockmongo 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters.
CVE-2012-5349 1 Wordpress 2 Pay-with-tweet, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
CVE-2012-5452 1 Intelliants 1 Subrion Cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
CVE-2012-4848 1 Ibm 1 Lotus Foundations Start 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field.
CVE-2011-4726 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files.
CVE-2011-4754 1 Parallels 1 Parallels Plesk Small Business Panel 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files.
CVE-2011-4575 1 Redhat 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4647 1 Geeklog 1 Geeklog 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.
CVE-2013-5100 1 Franz Holzinger 1 Static Methods 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function.
CVE-2011-4572 1 Codefuture 1 Cf Image Hosting Script 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate.
CVE-2012-5163 1 Osclass 1 Osclass 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.
CVE-2012-5164 1 Fork-cms 1 Fork Cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.
CVE-2012-5169 1 Atutor 1 Acontent 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.
CVE-2012-5460 1 Juniper 17 Fips Secure Access 4000, Fips Secure Access 4500, Fips Secure Access 6000 and 14 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.
CVE-2012-4531 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2570 1 Qualiteam 1 X-cart 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
CVE-2011-4567 1 Zen-cart 1 Zen Cart 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
CVE-2012-5177 2 Welcart, Wordpress 2 Welcart Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.