Export limit exceeded: 44845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0738 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php. | ||||
| CVE-2013-0737 | 1 Boltwire | 1 Boltwire | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter. | ||||
| CVE-2013-0592 | 1 Ibm | 1 Inotes | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815. | ||||
| CVE-2013-0286 | 1 Pinboard Project | 1 Pinboard | 2024-11-21 | 5.4 Medium |
| Pinboard 1.0.6 theme for Wordpress has XSS. | ||||
| CVE-2013-0283 | 1 Theforeman | 1 Katello | 2024-11-21 | 5.4 Medium |
| Katello: Username in Notification page has cross site scripting | ||||
| CVE-2013-0195 | 1 Matomo | 1 Matomo | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194. | ||||
| CVE-2013-0194 | 1 Matomo | 1 Matomo | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195. | ||||
| CVE-2013-0193 | 1 Matomo | 1 Matomo | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195. | ||||
| CVE-2013-0186 | 1 Redhat | 3 Cloudforms, Cloudforms Managementengine, Manageiq Enterprise Virtualization Manager | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0161 | 1 Havalite | 1 Havalite | 2024-11-21 | 5.4 Medium |
| Havalite CMS 1.1.7 has a stored XSS vulnerability | ||||
| CVE-2012-6720 | 1 Socialengine | 1 Socialengine | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. | ||||
| CVE-2012-6718 | 1 Sharebar Project | 1 Sharebar | 2024-11-21 | N/A |
| The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. | ||||
| CVE-2012-6717 | 1 Redirection | 1 Redirection | 2024-11-21 | N/A |
| The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. | ||||
| CVE-2012-6716 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. | ||||
| CVE-2012-6715 | 1 Formbuilder Project | 1 Formbuilder | 2024-11-21 | N/A |
| The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. | ||||
| CVE-2012-6714 | 1 Count Per Day Project | 1 Count Per Day | 2024-11-21 | N/A |
| The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. | ||||
| CVE-2012-6713 | 1 Wp-jobmanager | 1 Job Manager | 2024-11-21 | N/A |
| The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. | ||||
| CVE-2012-6708 | 1 Jquery | 1 Jquery | 2024-11-21 | N/A |
| jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. | ||||
| CVE-2012-6682 | 1 Dragonbyte-tech | 1 Vbdownloads Module | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. | ||||
| CVE-2012-6671 | 1 Dragonbyte-tech | 1 Forumon Rpg Module | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters. | ||||