Export limit exceeded: 364934 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47294 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5388 2 Videousermanuals, Wordpress 2 White-label-cms, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
CVE-2012-5384 1 Webcalendar Project 1 Webcalendar 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.
CVE-2013-5300 1 Alienvault 1 Open Source Security Information Management 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php.
CVE-2011-2406 1 Hp 1 Openview Performance Insight 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1427 1 Kodak 1 Insite 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.
CVE-2012-0846 1 K5n 1 Webcalendar 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.
CVE-2012-5341 1 Otterware 1 Statit 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.
CVE-2012-2570 1 Qualiteam 1 X-cart 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
CVE-2012-2577 1 Solarwinds 1 Orion Network Performance Monitor 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.
CVE-2012-5325 2 Cartpauj, Wordpress 2 Shortcode-redirect, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
CVE-2012-2578 1 Smartertools 1 Smartermail 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
CVE-2012-2586 1 Mailtraq 1 Mailtraq 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
CVE-2012-0872 1 Oxwall 1 Oxwall 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) password, (5) realname, (6) repeatPassword, or (7) username parameters to Oxwall/join; (8) captcha, (9) email, (10) form_name, (11) from, or (12) subject parameters to Oxwall/contact; (13) tag parameter to Oxwall/blogs/browse-by-tag; or (14) PATH_INFO to Oxwall/photo/viewlist/tagged, (15) Oxwall/photo/viewlist, or (16) Oxwall/video/viewlist.
CVE-2012-5314 1 Heikki Hokkanen 1 Viewgit 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter.
CVE-2012-0873 1 Boonex 1 Dolphin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
CVE-2012-3503 4 Cloudforms Systemengine, Redhat, Rhel Sam and 1 more 4 1, Enterprise Linux Server, 1.1 and 1 more 2025-04-11 9.8 Critical
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
CVE-2012-0903 1 Vmware 1 Zimbra Desktop 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name.
CVE-2012-0908 1 Simplesamlphp 1 Simplesamlphp 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter.
CVE-2012-0909 1 Horde 1 Groupware Webmail Edition 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information.
CVE-2013-5001 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.