CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6556 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (… | |||
| CVE-2012-6555 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title. | |||
| CVE-2012-1038 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5… | |||
| CVE-2012-6550 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vu… | |||
| CVE-2012-6534 | medium | — | 5.3 | 13y ago | Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote… | |||
| CVE-2012-5337 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4… | |||
| CVE-2012-6528 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.p… | |||
| CVE-2012-6523 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or … | |||
| CVE-2012-6276 | medium | — | 5.3 | 14y ago | Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitr… | |||
| CVE-2012-6272 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic p… | |||
| CVE-2012-6517 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2) ques… | |||
| CVE-2012-6513 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter. | |||
| CVE-2012-6510 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting… | |||
| CVE-2012-6506 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing… | |||
| CVE-2012-6505 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2012-2099 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort par… | |||
| CVE-2012-4932 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a mana… | |||
| CVE-2012-3872 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) th… | |||
| CVE-2012-6007 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitr… | |||
| CVE-2012-6312 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form actio… | |||
| CVE-2012-5858 | medium | — | 5.3 | 14y ago | Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the… | |||
| CVE-2012-6045 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||
| CVE-2012-6044 | medium | — | 5.3 | 14y ago | M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file. | |||
| CVE-2012-6043 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | |||
| CVE-2012-6042 | medium | — | 5.3 | 14y ago | GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file. | |||
| CVE-2012-6040 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||
| CVE-2012-5919 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/find… | |||
| CVE-2012-5917 | medium | — | 5.3 | 14y ago | SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file. | |||
| CVE-2012-5913 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to … | |||
| CVE-2012-5908 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergrou… | |||
| CVE-2012-5903 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. | |||
| CVE-2012-5899 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit … | |||
| CVE-2012-5851 | medium | — | 5.3 | 14y ago | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remo… | |||
| CVE-2012-4939 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject ar… | |||
| CVE-2012-5470 | medium | — | 5.3 | 14y ago | libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. | |||
| CVE-2012-5672 | medium | — | 5.3 | 14y ago | Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a craf… | |||
| CVE-2012-5452 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) … | |||
| CVE-2012-4989 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an … | |||
| CVE-2012-4771 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/ma… | |||
| CVE-2012-4231 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||
| CVE-2012-4751 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary w… | |||
| CVE-2012-3184 | medium | — | 5.3 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to aff… | |||
| CVE-2012-5346 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some o… | |||
| CVE-2012-5343 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable. | |||
| CVE-2012-5341 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show paramet… | |||
| CVE-2012-5330 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, o… | |||
| CVE-2012-5322 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or … | |||
| CVE-2012-5315 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php… | |||
| CVE-2012-5295 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter. | |||
| CVE-2012-4242 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. | |||
| CVE-2012-1604 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php. | |||
| CVE-2012-1470 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters. | |||
| CVE-2012-0989 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to ind… | |||
| CVE-2012-5229 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. | |||
| CVE-2012-5228 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2012-5226 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or … | |||
| CVE-2012-5225 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter. | |||
| CVE-2012-1898 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) us… | |||
| CVE-2012-1188 | medium | — | 5.3 | 14y ago | Fork CMS Multiple XSS Vulnerabilities | |||
| CVE-2012-0974 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2012-0869 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2012-5105 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (… | |||
| CVE-2012-5104 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter. | |||
| CVE-2012-5102 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter. | |||
| CVE-2012-5099 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. | |||
| CVE-2012-0988 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_… | |||
| CVE-2012-4998 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||
| CVE-2012-2586 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert fun… | |||
| CVE-2012-2578 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function us… | |||
| CVE-2012-2995 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wr… | |||
| CVE-2012-2575 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-m… | |||
| CVE-2012-4928 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter. | |||
| CVE-2012-4923 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule para… | |||
| CVE-2012-4336 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary par… | |||
| CVE-2012-3233 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to in… | |||
| CVE-2012-4909 | medium | — | 5.3 | 14y ago | Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | |||
| CVE-2012-4905 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universa… | |||
| CVE-2012-4891 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector… | |||
| CVE-2012-4889 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to crea… | |||
| CVE-2012-1912 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index… | |||
| CVE-2012-4873 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | |||
| CVE-2012-4871 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gti… | |||
| CVE-2012-1469 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) edito… | |||
| CVE-2012-1110 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5… | |||
| CVE-2012-4870 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2… | |||
| CVE-2012-2741 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers… | |||
| CVE-2012-3551 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitra… | |||
| CVE-2012-4745 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | |||
| CVE-2012-4739 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) r… | |||
| CVE-2012-4685 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-4680 | medium | — | 5.3 | 14y ago | Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary f… | |||
| CVE-2012-4679 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter. | |||
| CVE-2012-1935 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to adm… | |||
| CVE-2012-4668 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. | |||
| CVE-2012-3508 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribu… | |||
| CVE-2012-2984 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu o… | |||
| CVE-2012-2582 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, … | |||
| CVE-2012-4236 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inj… | |||
| CVE-2012-4356 | medium | — | 5.3 | 14y ago | Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP p… | |||
| CVE-2012-4344 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the at… |