Cross-site Scripting (XSS) - 47654 CVEs (Page 336/398)

2013-08-23

Medium

CVE-2013-5570

Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2012-6583

Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web…

CVSS: 2.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-22

Low

CVE-2013-2299

Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspec…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-21

Low

CVE-2013-4005

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 a…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-4004

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3029

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

Medium

CVE-2013-2967

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 a…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-0597

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated use…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-4229

Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script…

CVSS: 2.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-20

Medium

CVE-2013-5323

Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2012-6582

Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5320

Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5319

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or H…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-5317

Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4653

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-19

Low

CVE-2013-5315

Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4174

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flas…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-2136

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizar…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5314

Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[ht…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5312

Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2)…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-17

Medium

CVE-2013-2022

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-16

Low

CVE-2013-5309

Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web sc…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5308

Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5307

Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5305

Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5095

Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject ar…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-4007

Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote atta…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-3034

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via ve…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-0587

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2)…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-0585

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or H…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-15

Medium

CVE-2013-5300

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via th…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-2023

Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-1942

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other pro…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-2137

Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-14

Medium

CVE-2013-4880

Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via th…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3192

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encodin…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-09

Low

CVE-2013-0492

Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5100

Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified ve…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2012-6458

Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName,…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-5099

Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-5098

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort par…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4759

Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML vi…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4625

Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pack…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4620

Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4600

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3262

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parame…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3990

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3032

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-07

Medium

CVE-2013-1714

The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not proper…

CVSS: 4.3 CWE: CWE-264 View on NVD

Medium

CVE-2013-1713

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified compariso…

CVSS: 4.3 CWE: CWE-264 View on NVD

Medium

CVE-2013-1711

The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL fun…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Critical

CVE-2013-1710

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2013-1709

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FR…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-06

Low

CVE-2013-3995

Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-05

Medium

CVE-2013-4676

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors in…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-08-01

Medium

CVE-2012-5460

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitra…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4670

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML vi…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-31

Medium

CVE-2013-5020

Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) f…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4674

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authent…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-2630

Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-2209

Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arb…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-5002

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject a…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-5001

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4997

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4996

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1)…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-4995

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query t…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-29

Low

CVE-2013-4954

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" i…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4951

Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) nam…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4950

Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4946

Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-4140

Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary…

CVSS: 2.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-4944

Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers t…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3515

Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-2181

Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4942

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4941

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4940

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4939

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x befo…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-2244

Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the c…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4802

Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vector…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-25

Medium

CVE-2013-3414

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a craft…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3999

Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-3979

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-23

Medium

CVE-2013-3440

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain i…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3439

Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-22

Medium

CVE-2013-4883

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2013-2364

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-2361

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-20

Medium

CVE-2013-1955

Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTM…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-1879

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a mess…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-19

Medium

CVE-2012-3414

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers t…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-18

Medium

CVE-2013-4779

Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-16

Medium

CVE-2013-4117

Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via th…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3491

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add o…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

2013-07-15

Medium

CVE-2013-1087

Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-12

Medium

CVE-2013-3423

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3422

Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified paramete…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3421

Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-2704

Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

2013-07-11

Medium

CVE-2013-3419

Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-10

Medium

CVE-2013-3416

Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote att…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-1132

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccou…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3166

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of t…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-08

Medium

CVE-2013-2205

The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-si…

CVSS: 4.3 CWE: CWE-16 View on NVD

Medium

CVE-2013-2201

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editi…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-0237

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web scrip…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-0236

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the con…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-1614

Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remot…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-06

Low

CVE-2013-0581

Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTM…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-04

Low

CVE-2013-3742

Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an i…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-3413

Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script o…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-03

Low

CVE-2013-0468

Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-02

Low

CVE-2013-2983

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling File Gateway 2.2 and Sterling B2B Integrator allow remote authenticated users to inject arbitrary web script or HTML via unspecifie…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-0455

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vector…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2013-07-01

Medium

CVE-2013-4749

Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unsp…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4747

Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arb…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4746

Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2013-4744

Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2012-6148

Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitra…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Low

CVE-2012-6147

Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated bac…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

About “Cross-site Scripting (XSS)”

CVE-2013-5570

CVE-2012-6583

CVE-2013-2299

CVE-2013-4005

CVE-2013-4004

CVE-2013-3029

CVE-2013-2967

CVE-2013-0597

CVE-2013-4229

CVE-2013-5323

CVE-2012-6582

CVE-2013-5320

CVE-2013-5319

CVE-2013-5317

CVE-2013-4653

CVE-2013-5315

CVE-2013-4174

CVE-2013-2136

CVE-2013-5314

CVE-2013-5312

CVE-2013-2022

CVE-2013-5309

CVE-2013-5308

CVE-2013-5307

CVE-2013-5305

CVE-2013-5095

CVE-2013-4007

CVE-2013-3034

CVE-2013-0587

CVE-2013-0585

CVE-2013-5300

CVE-2013-2023

CVE-2013-1942

CVE-2013-2137

CVE-2013-4880

CVE-2013-3192

CVE-2013-0492

CVE-2013-5100

CVE-2012-6458

CVE-2013-5099

CVE-2013-5098

CVE-2013-4759

CVE-2013-4625

CVE-2013-4620

CVE-2013-4600

CVE-2013-3262

CVE-2013-3990

CVE-2013-3032

CVE-2013-1714

CVE-2013-1713

CVE-2013-1711

CVE-2013-1710

CVE-2013-1709

CVE-2013-3995

CVE-2013-4676

CVE-2012-5460

CVE-2013-4670

CVE-2013-5020

CVE-2013-4674

CVE-2013-2630

CVE-2013-2209

CVE-2013-5002

CVE-2013-5001

CVE-2013-4997

CVE-2013-4996

CVE-2013-4995

CVE-2013-4954

CVE-2013-4951

CVE-2013-4950

CVE-2013-4946

CVE-2013-4140

CVE-2013-4944

CVE-2013-3515

CVE-2013-2181

CVE-2013-4942

CVE-2013-4941

CVE-2013-4940

CVE-2013-4939

CVE-2013-2244