CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Cross Site Scripting (XSS))

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complex ity Authen tication Confiden tiality Integrity Availa bility
1 CVE-2012-2920 79 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.
2 CVE-2012-2918 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
3 CVE-2012-2917 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php.
4 CVE-2012-2916 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.
5 CVE-2012-2914 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
6 CVE-2012-2913 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
7 CVE-2012-2912 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php.
8 CVE-2012-2911 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter.
9 CVE-2012-2910 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.
10 CVE-2012-2909 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar.
11 CVE-2012-2907 79 XSS 2012-05-21 2012-05-22
2.6
 None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
12 CVE-2012-2906 79 1 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter.
13 CVE-2012-2904 79 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.
14 CVE-2012-2903 79 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
15 CVE-2012-2901 79 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
16 CVE-2012-2759 79 XSS 2012-05-22 2012-05-23
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
17 CVE-2012-2404 79 XSS 2012-04-21 2012-04-23
4.3
 None Remote Medium Not required None Partial None
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
18 CVE-2012-2403 79 XSS 2012-04-21 2012-04-23
4.3
 None Remote Medium Not required None Partial None
wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
19 CVE-2012-2398 79 XSS 2012-04-20 2012-04-20
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
20 CVE-2012-2397 352 XSS CSRF 2012-04-20 2012-04-20
6.8
 None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in ownCloud 3.0.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
21 CVE-2012-2339 79 XSS 2012-05-21 2012-05-22
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
22 CVE-2012-2269 79 XSS 2012-04-20 2012-04-20
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 3.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.
23 CVE-2012-2234 79 1 XSS 2012-04-21 2012-04-23
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.
24 CVE-2012-2156 79 XSS 2012-04-11 2012-04-11
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.
25 CVE-2012-2008 79 XSS 2012-05-09 2012-05-10
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
26 CVE-2012-2005 79 XSS 2012-05-02 2012-05-11
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
27 CVE-2012-2001 79 XSS 2012-05-02 2012-05-11
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
28 CVE-2012-1992 79 XSS 2012-04-11 2012-04-11
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).
29 CVE-2012-1990 79 XSS 2012-05-22 2012-05-23
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.
30 CVE-2012-1984 79 XSS 2012-04-17 2012-04-17
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
31 CVE-2012-1982 79 XSS 2012-04-05 2012-04-09
3.5
 None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action.
32 CVE-2012-1979 79 1 XSS 2012-04-17 2012-05-22
3.5
 None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
33 CVE-2012-1842 79 XSS 2012-03-22 2012-04-12
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
34 CVE-2012-1807 79 XSS 2012-04-13 2012-04-16
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
35 CVE-2012-1789 79 XSS 2012-03-19 2012-03-27
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) surname or (2) firstname parameters to modules/members/addmember.php; or (3) groupdescription or (4) groupname parameters to modules/groups/addgroupform.php.
36 CVE-2012-1788 79 1 XSS 2012-03-19 2012-03-20
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_website, or (5) help_example_url parameters in an hd_modify_record action.
37 CVE-2012-1787 79 1 XSS 2012-03-19 2012-03-20
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.
38 CVE-2012-1782 79 XSS 2012-03-19 2012-03-20
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.
39 CVE-2012-1781 79 1 XSS 2012-03-19 2012-03-20
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ajax/commentajax.php in SocialCMS 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) TREF_email_address or (2) TR_name parameters.
40 CVE-2012-1779 79 1 XSS 2012-03-19 2012-03-20
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php.
41 CVE-2012-1575 79 XSS 2012-04-22 2012-04-23
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.
42 CVE-2012-1512 79 XSS 2012-03-16 2012-03-19
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.
43 CVE-2012-1511 79 XSS 2012-03-16 2012-03-19
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
44 CVE-2012-1410 79 XSS 2012-02-29 2012-02-29
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.
45 CVE-2012-1290 79 XSS 2012-02-23 2012-02-24
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
46 CVE-2012-1262 79 XSS 2012-03-02 2012-03-05
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.
47 CVE-2012-1247 79 XSS 2012-05-15 2012-05-23
2.6
 None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions.
48 CVE-2012-1246 79 XSS 2012-05-15 2012-05-23
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie.
49 CVE-2012-1245 79 XSS 2012-04-27 2012-04-30
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the cleanup_urls function in forum/utils/html.py in OSQA before 1234, and 0.9.0 Beta 3 and earlier, allows remote attackers to inject arbitrary web script or HTML via vectors related to a crafted URI.
50 CVE-2012-1240 79 XSS 2012-04-16 2012-04-16
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities : 6571   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.