Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3536 | 1 Apache | 1 Hupa | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3. | |||||
| CVE-2012-3351 | 1 Longtailvideo | 1 Jw Player | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript. | |||||
| CVE-2012-3341 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 78294. | |||||
| CVE-2012-2593 | 1 Atmail | 1 Atmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. | |||||
| CVE-2012-2517 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | |||||
| CVE-2012-2452 | 1 Pragmamx | 1 Pragmamx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php. | |||||
| CVE-2012-2237 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. | |||||
| CVE-2012-2160 | 1 Ibm | 1 Rational Change | 2024-11-21 | N/A | 6.1 MEDIUM |
| IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2012-2078 | 1 Drupal | 1 Activity | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal. | |||||
| CVE-2012-20001 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | |||||
| CVE-2012-1932 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. | |||||
| CVE-2012-1915 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. | |||||
| CVE-2012-1903 | 1 Telligent | 1 Community | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. | |||||
| CVE-2012-1637 | 1 Drupal | 1 Quick Tabs | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal. | |||||
| CVE-2012-1500 | 1 Atlassian | 2 Greenhopper, Jira | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. | |||||
| CVE-2012-1261 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter. | |||||
| CVE-2012-1260 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script. | |||||
| CVE-2012-1115 | 3 Debian, Fedoraproject, Ldap-account-manager | 3 Debian Linux, Fedora, Ldap Account Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. | |||||
| CVE-2012-1114 | 3 Debian, Fedoraproject, Ldap-account-manager | 3 Debian Linux, Fedora, Ldap Account Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php. | |||||
| CVE-2012-1001 | 1 Chyrp | 1 Chyrp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php. | |||||