CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4873 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | |||
| CVE-2012-4871 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gti… | |||
| CVE-2012-1469 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) edito… | |||
| CVE-2012-1110 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5… | |||
| CVE-2012-4870 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2… | |||
| CVE-2012-2741 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers… | |||
| CVE-2012-3551 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitra… | |||
| CVE-2012-4745 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | |||
| CVE-2012-4739 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) r… | |||
| CVE-2012-4685 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-4680 | medium | — | 5.3 | 14y ago | Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary f… | |||
| CVE-2012-4679 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter. | |||
| CVE-2012-1935 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to adm… | |||
| CVE-2012-4668 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. | |||
| CVE-2012-3508 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribu… | |||
| CVE-2012-2984 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu o… | |||
| CVE-2012-2582 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, … | |||
| CVE-2012-4236 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inj… | |||
| CVE-2012-4356 | medium | — | 5.3 | 14y ago | Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP p… | |||
| CVE-2012-4344 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the at… | |||
| CVE-2012-2570 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter. | |||
| CVE-2012-2209 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuratio… | |||
| CVE-2012-1835 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title p… | |||
| CVE-2012-2331 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendi… | |||
| CVE-2012-2274 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||
| CVE-2012-4278 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) … | |||
| CVE-2012-4267 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||
| CVE-2012-4266 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of thes… | |||
| CVE-2012-2371 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb param… | |||
| CVE-2012-4262 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maide… | |||
| CVE-2012-4259 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allo… | |||
| CVE-2012-4254 | medium | — | 5.3 | 14y ago | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. | |||
| CVE-2012-4253 | medium | — | 5.3 | 14y ago | Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2)… | |||
| CVE-2012-4251 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to… | |||
| CVE-2012-2590 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a… | |||
| CVE-2012-2587 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribu… | |||
| CVE-2012-2585 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT ele… | |||
| CVE-2012-2573 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) … | |||
| CVE-2012-2571 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2… | |||
| CVE-2012-2584 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style … | |||
| CVE-2012-2577 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslo… | |||
| CVE-2012-4247 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remot… | |||
| CVE-2012-4246 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the… | |||
| CVE-2012-3848 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-2442 | medium | — | 5.3 | 14y ago | Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. | |||
| CVE-2012-2955 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security … | |||
| CVE-2012-4000 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remo… | |||
| CVE-2012-3236 | medium | — | 5.3 | 14y ago | fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated us… | |||
| CVE-2012-3805 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2012-3840 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) la… | |||
| CVE-2012-3837 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u… | |||
| CVE-2012-3836 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the u… | |||
| CVE-2012-3835 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url… | |||
| CVE-2012-3831 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag. | |||
| CVE-2012-3830 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive. | |||
| CVE-2012-2698 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to … | |||
| CVE-2012-3232 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter. | |||
| CVE-2012-2172 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote atta… | |||
| CVE-2012-1858 | medium | — | 5.3 | 14y ago | The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, w… | |||
| CVE-2012-2941 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||
| CVE-2012-2940 | medium | — | 5.3 | 14y ago | MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file. | |||
| CVE-2012-2938 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) ho… | |||
| CVE-2012-2436 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize ac… | |||
| CVE-2012-1990 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvari… | |||
| CVE-2012-2918 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. | |||
| CVE-2012-2917 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-an… | |||
| CVE-2012-2914 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-2913 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.p… | |||
| CVE-2012-2911 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter. | |||
| CVE-2012-2910 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.ran… | |||
| CVE-2012-2909 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Wo… | |||
| CVE-2012-2906 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add… | |||
| CVE-2012-2904 | medium | — | 5.3 | 14y ago | player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug par… | |||
| CVE-2012-2903 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) ta… | |||
| CVE-2012-2234 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an a… | |||
| CVE-2012-2396 | medium | — | 5.3 | 14y ago | VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. | |||
| CVE-2012-2156 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field… | |||
| CVE-2012-0067 | medium | — | 5.3 | 14y ago | wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. | |||
| CVE-2012-1904 | medium | — | 5.3 | 14y ago | mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of servic… | |||
| CVE-2012-1465 | medium | — | 5.3 | 14y ago | Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NO… | |||
| CVE-2012-1039 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb p… | |||
| CVE-2012-1787 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DO… | |||
| CVE-2012-1782 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar. | |||
| CVE-2012-1213 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitra… | |||
| CVE-2012-1211 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. | |||
| CVE-2012-1208 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or… | |||
| CVE-2012-0873 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or th… | |||
| CVE-2012-1224 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-1217 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.p… | |||
| CVE-2012-1069 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-1065 | medium | — | 5.3 | 15y ago | Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the Expor… | |||
| CVE-2012-1059 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or … | |||
| CVE-2012-1049 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp… | |||
| CVE-2012-1048 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web … | |||
| CVE-2012-0834 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engi… | |||
| CVE-2012-1028 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parame… | |||
| CVE-2012-1027 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-1021 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. | |||
| CVE-2012-1018 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc… | |||
| CVE-2012-1005 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as… |