Total: 37047 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-4519 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 6.1 Medium |
Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS. | ||||
CVE-2012-4451 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. | ||||
CVE-2012-4441 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin. | ||||
CVE-2012-4440 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. | ||||
CVE-2012-4439 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. | ||||
CVE-2012-4384 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2024-11-21 | 6.1 Medium |
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar | ||||
CVE-2012-4029 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. | ||||
CVE-2012-3536 | 1 Apache | 1 Hupa | 2024-11-21 | N/A |
Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger an XSS when the email was opened or when a list of messages was viewed. This issue was addressed in Hupa 0.0.3. | ||||
CVE-2012-3351 | 1 Longtailvideo | 1 Jw Player | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript. | ||||
CVE-2012-3341 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 5.4 Medium |
IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 78294. | ||||
CVE-2012-2593 | 1 Atmail | 1 Atmail | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. | ||||
CVE-2012-2517 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | ||||
CVE-2012-2452 | 1 Pragmamx | 1 Pragmamx | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php. | ||||
CVE-2012-2237 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. | ||||
CVE-2012-2160 | 1 Ibm | 1 Rational Change | 2024-11-21 | 6.1 Medium |
IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
CVE-2012-2078 | 1 Drupal | 1 Activity | 2024-11-21 | 4.8 Medium |
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal. | ||||
CVE-2012-20001 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.1 Medium |
PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | ||||
CVE-2012-1932 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 4.8 Medium |
A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. | ||||
CVE-2012-1915 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 6.1 Medium |
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. | ||||
CVE-2012-1903 | 1 Telligent | 1 Community | 2024-11-21 | 5.4 Medium |
XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. |