Total
37711 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-10004 | 1 Backdropcms | 1 Basic Cart | 2024-11-21 | 3.5 Low |
| A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The patch is identified as a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability. | ||||
| CVE-2012-10003 | 1 Rivettracker Project | 1 Rivettracker | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The patch is named f053c5cc2bc44269b0496b5f275e349928a92ef9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217271. | ||||
| CVE-2012-0941 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list. | ||||
| CVE-2012-0812 | 2 Debian, Postfix Admin Project | 2 Debian Linux, Postfix Admin | 2024-11-21 | 6.1 Medium |
| PostfixAdmin 2.3.4 has multiple XSS vulnerabilities | ||||
| CVE-2011-5329 | 1 Redirection | 1 Redirection | 2024-11-21 | N/A |
| The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. | ||||
| CVE-2011-5018 | 1 Koala-framework | 1 Koala Framework | 2024-11-21 | 6.1 Medium |
| Koala Framework before 2011-11-21 has XSS via the request_uri parameter. | ||||
| CVE-2011-4938 | 1 Muze | 1 Ariadne | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. | ||||
| CVE-2011-4924 | 1 Zope | 1 Zope | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104 | ||||
| CVE-2011-4903 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. | ||||
| CVE-2011-4632 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | ||||
| CVE-2011-4631 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | ||||
| CVE-2011-4630 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | ||||
| CVE-2011-4629 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | ||||
| CVE-2011-4626 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | ||||
| CVE-2011-4455 | 1 Tiki | 1 Tiki | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. | ||||
| CVE-2011-4454 | 1 Tiki | 1 Tiki | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. | ||||
| CVE-2011-4336 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 6.1 Medium |
| Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. | ||||
| CVE-2011-4095 | 1 Jara Project | 1 Jara | 2024-11-21 | 6.1 Medium |
| Jara 1.6 has an XSS vulnerability | ||||
| CVE-2011-4090 | 1 S9y | 1 Serendipity | 2024-11-21 | 6.1 Medium |
| Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. | ||||
| CVE-2011-3656 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. | ||||