Export limit exceeded: 348830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 16383 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45741 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2209 | 1 Piwigo | 1 Piwigo | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module. | ||||
| CVE-2012-2205 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. | ||||
| CVE-2012-2177 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature. | ||||
| CVE-2012-2156 | 1 Plume-cms | 1 Plume Cms | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section. | ||||
| CVE-2013-4833 | 1 Hp | 1 Service Manager | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4384 | 2 Drupal, Google Site Search Project | 2 Drupal, Google Site Search Module | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API. | ||||
| CVE-2013-6733 | 1 Ibm | 1 Sametime | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4383 | 2 Dennis Bruecke, Drupal | 2 Jquery Countdown, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5608 | 1 Owncloud | 1 Owncloud Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters. | ||||
| CVE-2012-5585 | 2 Drupal, Mixpanel Project | 2 Drupal, Mixpanel | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token. | ||||
| CVE-2013-6732 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | ||||
| CVE-2013-4705 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. | ||||
| CVE-2012-1470 | 1 Ocportal | 1 Ocportal | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters. | ||||
| CVE-2012-5460 | 1 Juniper | 17 Fips Secure Access 4000, Fips Secure Access 4500, Fips Secure Access 6000 and 14 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. | ||||
| CVE-2012-5452 | 1 Intelliants | 1 Subrion Cms | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2. | ||||
| CVE-2013-6721 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets. | ||||
| CVE-2013-3538 | 1 Wesley Destailleur | 1 Todoo Forum | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter. | ||||
| CVE-2013-6711 | 1 Cisco | 1 Webex Sales Center | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540. | ||||
| CVE-2012-1262 | 1 Movabletype | 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318. | ||||
| CVE-2013-3534 | 2 Algisinfo, Joomla | 2 Aicontactsafe, Joomla\! | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||