Export limit exceeded: 46149 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46149 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0321 | 2 Drupal, Ubercart Views Project | 2 Drupal, Uc Views | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | ||||
| CVE-2012-1835 | 2 Timely, Wordpress | 2 All-in-one Event Calendar, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. | ||||
| CVE-2013-0322 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | ||||
| CVE-2012-2768 | 1 Best Practical Solutions | 1 Request Tracker | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-4825 | 2 Pleer, Wordpress | 2 Wp-twitter-feed, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2013-0323 | 2 Display Suite Project, Drupal | 2 Ds, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. | ||||
| CVE-2013-0324 | 2 Drupal, Tomasbarej | 2 Drupal, Menu Reference | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title. | ||||
| CVE-2012-2687 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. | ||||
| CVE-2012-1842 | 2 Dell, Quantum | 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-4823 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions." | ||||
| CVE-2012-2683 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." | ||||
| CVE-2013-4249 | 1 Djangoproject | 1 Django | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField. | ||||
| CVE-2012-1992 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template). | ||||
| CVE-2010-4555 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. | ||||
| CVE-2012-2022 | 1 Hp | 1 Network Node Manager I | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0525 | 1 Ibm | 1 Lotus Inotes | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX. | ||||
| CVE-2013-0459 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2247 | 1 Mahara | 1 Mahara | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file. | ||||
| CVE-2012-2243 | 1 Mahara | 1 Mahara | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path. | ||||
| CVE-2012-2064 | 2 Drupal, Mark Theunissen | 2 Drupal, Views Lang Switch | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||