Export limit exceeded: 47297 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4941 2 Moodle, Yahoo 2 Moodle, Yui 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
CVE-2013-4942 2 Moodle, Yahoo 2 Moodle, Yui 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
CVE-2013-4944 2 Fusedpress, Wordpress 2 Buddypress-extended-frienship-request, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information.
CVE-2013-2201 1 Wordpress 1 Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.
CVE-2013-4950 1 Machform 1 Machform 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
CVE-2013-5118 1 Good 1 Good For Enterprise 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message.
CVE-2013-4951 1 Mintboard 1 Mintboard 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.
CVE-2013-2205 1 Wordpress 1 Wordpress 2025-04-11 N/A
The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2013-2311 1 Web2py 1 Web2py 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4712 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2025-04-11 N/A
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.
CVE-2011-4942 1 Geeklog 1 Geeklog 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism.
CVE-2013-5108 1 Rockmongo 1 Rockmongo 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters.
CVE-2012-4259 1 C4b 1 Xphone Unified Communications 2011 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.
CVE-2012-4262 1 Hccgmbh 1 Mycare2x 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.
CVE-2012-3503 4 Cloudforms Systemengine, Redhat, Rhel Sam and 1 more 4 1, Enterprise Linux Server, 1.1 and 1 more 2025-04-11 9.8 Critical
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
CVE-2012-5943 1 Ibm 1 Lotus Inotes 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9.
CVE-2012-5913 2 Wordpress, Wordpress Integrator Project 2 Wordpress, Wordpress Integrator 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
CVE-2012-5906 1 Morequick 1 Greenbrowser 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js.
CVE-2012-5948 1 Ibm 1 Tririga Application Platform 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp.
CVE-2013-4600 1 Alkacon 1 Opencms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.