CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0294 | medium | — | 5.8 | 14y ago | Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecifi… | |||
| CVE-2012-1589 | medium | — | 5.8 | 14y ago | Drupal Open Redirect | |||
| CVE-2012-0528 | medium | — | 5.8 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows re… | |||
| CVE-2012-0732 | medium | — | 5.8 | 14y ago | The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv… | |||
| CVE-2012-1244 | medium | — | 5.8 | 14y ago | The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… | |||
| CVE-2012-0043 | medium | — | 5.8 | 14y ago | Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a deni… | |||
| CVE-2012-0146 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |||
| CVE-2012-0128 | medium | — | 5.8 | 14y ago | HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2012-0126 | medium | — | 5.8 | 14y ago | Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-01… | |||
| CVE-2012-1545 | medium | — | 5.8 | 14y ago | Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integ… | |||
| CVE-2012-0907 | medium | — | 5.8 | 15y ago | Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in th… | |||
| CVE-2012-0310 | medium | — | 5.8 | 15y ago | CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and c… | |||
| CVE-2012-3062 | medium | — | 5.7 | 12y ago | Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a ne… | |||
| CVE-2012-5525 | medium | — | 5.7 | 14y ago | The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. | |||
| CVE-2012-3570 | medium | — | 5.7 | 14y ago | Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifi… | |||
| CVE-2012-0045 | medium | — | 5.7 | 14y ago | The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to ca… | |||
| CVE-2012-3498 | medium | — | 5.6 | 14y ago | PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory v… | |||
| CVE-2012-3209 | medium | — | 5.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM). | |||
| CVE-2012-3510 | medium | — | 5.6 | 14y ago | Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or ca… | |||
| CVE-2012-3480 | medium | — | 5.6 | 14y ago | Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users t… | |||
| CVE-2012-3440 | medium | — | 5.6 | 14y ago | A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | |||
| CVE-2012-1687 | medium | — | 5.6 | 14y ago | Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM). | |||
| CVE-2012-3345 | medium | — | 5.6 | 14y ago | ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file. | |||
| CVE-2012-0946 | medium | — | 5.6 | 14y ago | The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. | |||
| CVE-2012-0031 | medium | — | 5.6 | 15y ago | scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a … | |||
| CVE-2012-4573 | medium | — | 5.5 | 4y ago | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulne… | |||
| CVE-2012-4095 | medium | — | 5.5 | 13y ago | The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindi… | |||
| CVE-2012-6118 | medium | — | 5.5 | 13y ago | The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting. | |||
| CVE-2012-6106 | medium | — | 5.5 | 14y ago | calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calen… | |||
| CVE-2012-5656 | medium | 5.5 | 5.5 | 14y ago | The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. | |||
| CVE-2012-3218 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unkno… | |||
| CVE-2012-5603 | medium | — | 5.5 | 14y ago | proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users'… | |||
| CVE-2012-5523 | medium | — | 5.5 | 14y ago | core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive infor… | |||
| CVE-2012-5522 | medium | — | 5.5 | 14y ago | MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access r… | |||
| CVE-2012-5482 | medium | — | 5.5 | 14y ago | OpenStack Glance arbitrary deletion of non-protected images | |||
| CVE-2012-4021 | medium | — | 5.5 | 14y ago | MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information … | |||
| CVE-2012-5092 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integri… | |||
| CVE-2012-3226 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 1… | |||
| CVE-2012-3140 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM For Process component in Oracle Supply Chain Products Suite 6.0.0.6.3 and 6.1.0.1.14 allows remote authenticated users to affect confidentiality and … | |||
| CVE-2012-4408 | medium | — | 5.5 | 14y ago | course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass … | |||
| CVE-2012-2164 | medium | — | 5.5 | 14y ago | The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to… | |||
| CVE-2012-2283 | medium | — | 5.5 | 14y ago | The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline… | |||
| CVE-2012-3367 | medium | — | 5.5 | 14y ago | Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with… | |||
| CVE-2012-3392 | medium | — | 5.5 | 14y ago | mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription re… | |||
| CVE-2012-3361 | medium | — | 5.5 | 14y ago | virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an i… | |||
| CVE-2012-3360 | medium | — | 5.5 | 14y ago | Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to wr… | |||
| CVE-2012-2366 | medium | — | 5.5 | 14y ago | mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity pr… | |||
| CVE-2012-2358 | medium | — | 5.5 | 14y ago | Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role … | |||
| CVE-2012-3113 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality and integrity, related to EPERF. | |||
| CVE-2012-0798 | medium | — | 5.5 | 14y ago | The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | |||
| CVE-2012-0797 | medium | — | 5.5 | 14y ago | Moodle Users Can Bypass Deleted Status | |||
| CVE-2012-0215 | medium | — | 5.5 | 14y ago | model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authent… | |||
| CVE-2012-1860 | medium | — | 5.5 | 14y ago | Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remot… | |||
| CVE-2012-2596 | medium | — | 5.5 | 14y ago | The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to … | |||
| CVE-2012-1012 | medium | — | 5.5 | 14y ago | server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which m… | |||
| CVE-2012-1186 | medium | 5.5 | 5.5 | 14y ago | Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in … | |||
| CVE-2012-0248 | medium | 5.5 | 5.5 | 14y ago | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the I… | |||
| CVE-2012-1146 | medium | 5.5 | 5.5 | 14y ago | The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local … | |||
| CVE-2012-1090 | medium | 5.5 | 5.5 | 14y ago | The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. | |||
| CVE-2012-0879 | medium | 5.5 | 5.5 | 14y ago | The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by st… | |||
| CVE-2012-0058 | medium | 5.5 | 5.5 | 14y ago | The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management. | |||
| CVE-2012-0038 | medium | 5.5 | 5.5 | 14y ago | Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, … | |||
| CVE-2012-0567 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to… | |||
| CVE-2012-0565 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote authenticated users to affect confidentiality and integrity via unk… | |||
| CVE-2012-0538 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality and integri… | |||
| CVE-2012-0532 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vec… | |||
| CVE-2012-0517 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors r… | |||
| CVE-2012-0512 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated user… | |||
| CVE-2012-2402 | medium | — | 5.5 | 14y ago | wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors. | |||
| CVE-2012-0113 | medium | — | 5.5 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different v… | |||
| CVE-2012-0082 | medium | — | 5.5 | 15y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect in… | |||
| CVE-2012-0080 | medium | — | 5.5 | 15y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors re… | |||
| CVE-2012-5044 | medium | — | 5.4 | 12y ago | Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809. | |||
| CVE-2012-1317 | medium | — | 5.4 | 12y ago | The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717. | |||
| CVE-2012-0875 | medium | — | 5.4 | 13y ago | SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic … | |||
| CVE-2012-4094 | medium | — | 5.4 | 13y ago | Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control m… | |||
| CVE-2012-5415 | medium | — | 5.4 | 13y ago | Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leadin… | |||
| CVE-2012-6533 | medium | — | 5.4 | 14y ago | Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application. | |||
| CVE-2012-5667 | medium | — | 5.4 | 14y ago | Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. | |||
| CVE-2012-5571 | medium | 5.4 | 5.4 | 14y ago | A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly ha… | |||
| CVE-2012-4298 | medium | — | 5.4 | 14y ago | Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execut… | |||
| CVE-2012-3127 | medium | — | 5.4 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP. | |||
| CVE-2012-1753 | medium | — | 5.4 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality, integrity,… | |||
| CVE-2012-0301 | medium | — | 5.4 | 14y ago | Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2012-4901 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to … | |||
| CVE-2012-1664 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process… | |||
| CVE-2012-6665 | medium | — | 5.3 | 12y ago | Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012… | |||
| CVE-2012-1669 | medium | — | 5.3 | 12y ago | Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||
| CVE-2012-5702 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action,… | |||
| CVE-2012-5700 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) us… | |||
| CVE-2012-2588 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) b… | |||
| CVE-2012-6658 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName confi… | |||
| CVE-2012-2583 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||
| CVE-2012-1507 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltR… | |||
| CVE-2012-1556 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to ph… | |||
| CVE-2012-0984 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the… | |||
| CVE-2012-4768 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the d… | |||
| CVE-2012-4234 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-1503 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section. | |||
| CVE-2012-5684 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in… |