Export limit exceeded: 365307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47368 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47368 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4989 1 Openx 1 Openx 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action.
CVE-2012-5368 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.
CVE-2013-4378 1 Emeric Vernat 1 Javamelody 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.
CVE-2011-3861 2 Webminimalist, Wordpress 2 Web Minimalist 200901, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-4319 1 Rubyonrails 2 Rails, Ruby On Rails 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.
CVE-2011-4560 1 Drupal 2 Drupal, Petition Node Module 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.
CVE-2011-4562 2 John Godley, Wordpress 2 Redirection Plugin, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
CVE-2011-4563 1 Jakcms 1 Jakcms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from third party information.
CVE-2011-4564 1 Activedev 1 Active Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action.
CVE-2012-0324 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
CVE-2013-3192 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
CVE-2013-5308 2 Juralsulek, Typo3 2 Realurlmanagement, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5309 2 Fudforum, Ilia Alshanetsky 2 Fudforum, Fudforum 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-6033 1 Lexmark 9 C52x, C53x, C920 and 6 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.
CVE-2013-5307 2 Kennziffer, Typo3 2 Ke Search, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5305 2 Joachim Ruhs, Typo3 2 Locator, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5098 2 Mikejolley, Wordpress 2 Download Monitor, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.
CVE-2013-4880 1 Bigtreecms 1 Bigtree Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
CVE-2013-4759 1 Magnolia-cms 2 Magnolia Cms, Magnolia Form Module 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
CVE-2012-4558 2 Apache, Redhat 4 Http Server, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.