Export limit exceeded: 348669 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45732 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45732 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-5223 | 1 Cacti | 1 Cacti | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2011-4940 | 2 Python, Redhat | 2 Python, Enterprise Linux | 2025-04-11 | N/A |
| The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. | ||||
| CVE-2011-5214 | 1 Browsercrm | 1 Browsercrm | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php. | ||||
| CVE-2011-5211 | 1 Intelliants | 1 Subrion Cms | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452. | ||||
| CVE-2011-0504 | 1 Vamshop | 1 Vam Shop | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php. | ||||
| CVE-2011-5024 | 1 Gnu | 1 Mailman | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter. | ||||
| CVE-2011-5181 | 2 Clickdesk, Wordpress | 2 Clickdesk Live Support-live Chat Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-0323 | 2 Paul Lesniewsk, Squirrelmail | 2 Autocomplete, Squirrelmail | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-6513 | 1 Gpeasy | 1 Gpeasy Cms | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter. | ||||
| CVE-2012-5919 | 1 Havalite | 1 Cms | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php. | ||||
| CVE-2012-4558 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. | ||||
| CVE-2012-6633 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. | ||||
| CVE-2011-5150 | 1 Spamtitan | 1 Spamtitan | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2011-5149 | 1 Spamtitan | 1 Spamtitan | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php. | ||||
| CVE-2011-5073 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php. | ||||
| CVE-2013-0741 | 1 Percipientstudios | 1 Imagen | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font parameter. | ||||
| CVE-2013-1942 | 2 Happyworm, Owncloud | 3 Jplayer, Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023. | ||||
| CVE-2013-3526 | 2 Wordpress, Wptrafficanalyzer | 2 Wordpress, Trafficanalyzer | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter. | ||||
| CVE-2013-5943 | 1 Graphite Project | 1 Graphite | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-0740 | 2 Pleer, Wordpress | 2 Rss Feed Reader, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter. | ||||