CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5504 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5500 | medium | — | 4.3 | 4y ago | The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a cr… | |||
| CVE-2012-2654 | medium | — | 4.3 | 4y ago | The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protoc… | |||
| CVE-2012-6132 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. | |||
| CVE-2012-5507 | medium | — | 4.3 | 8y ago | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in pa… | |||
| CVE-2012-6662 | medium | — | 4.3 | 9y ago | jquery-ui Tooltip widget vulnerable to XSS | |||
| CVE-2012-3867 | medium | — | 4.3 | 9y ago | lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Ce… | |||
| CVE-2012-2694 | medium | — | 4.3 | 9y ago | actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request | |||
| CVE-2012-6692 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p… | |||
| CVE-2012-3243 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this informat… | |||
| CVE-2012-2932 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) … | |||
| CVE-2012-1303 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf… | |||
| CVE-2012-1302 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or … | |||
| CVE-2012-5866 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter. | |||
| CVE-2012-2413 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/… | |||
| CVE-2012-6316 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script… | |||
| CVE-2012-5491 | medium | — | 4.3 | 12y ago | z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | |||
| CVE-2012-5490 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6107 | medium | — | 4.3 | 12y ago | Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack… | |||
| CVE-2012-6659 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2012-1032 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE… | |||
| CVE-2012-6153 | medium | — | 4.3 | 12y ago | Improper certificate validation in org.apache.httpcomponents:httpclient | |||
| CVE-2012-4226 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3… | |||
| CVE-2012-4241 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or (2) query string to _admin/index.php or (3)… | |||
| CVE-2012-1621 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a par… | |||
| CVE-2012-3522 | medium | — | 4.3 | 12y ago | GeSHi vulnerable to Cross-site Scripting | |||
| CVE-2012-4728 | medium | — | 4.3 | 12y ago | The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NU… | |||
| CVE-2012-5057 | medium | — | 4.3 | 12y ago | CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | |||
| CVE-2012-5056 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odf… | |||
| CVE-2012-3333 | medium | — | 4.3 | 12y ago | CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HT… | |||
| CVE-2012-1600 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a functio… | |||
| CVE-2012-4230 | medium | — | 4.3 | 12y ago | The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site … | |||
| CVE-2012-5039 | medium | — | 4.3 | 12y ago | The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. | |||
| CVE-2012-4651 | medium | — | 4.3 | 12y ago | Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Towe… | |||
| CVE-2012-3918 | medium | — | 4.3 | 12y ago | Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certa… | |||
| CVE-2012-0214 | medium | — | 4.3 | 12y ago | The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRel… | |||
| CVE-2012-6131 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. | |||
| CVE-2012-6130 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. | |||
| CVE-2012-6645 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers … | |||
| CVE-2012-6642 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this inf… | |||
| CVE-2012-1561 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or … | |||
| CVE-2012-6641 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2012-1834 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary we… | |||
| CVE-2012-6640 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web s… | |||
| CVE-2012-5567 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject… | |||
| CVE-2012-5566 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject… | |||
| CVE-2012-5565 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to … | |||
| CVE-2012-5650 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-0891 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or … | |||
| CVE-2012-2134 | medium | — | 4.3 | 12y ago | The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infini… | |||
| CVE-2012-5524 | medium | — | 4.3 | 13y ago | The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof se… | |||
| CVE-2012-1095 | medium | — | 4.3 | 13y ago | osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a … | |||
| CVE-2012-6086 | medium | — | 4.3 | 13y ago | libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-… | |||
| CVE-2012-6447 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6633 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. | |||
| CVE-2012-6632 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to accounts/admin/index… | |||
| CVE-2012-6630 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter… | |||
| CVE-2012-6628 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campNa… | |||
| CVE-2012-6627 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2012-6623 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2012-6621 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Cust… | |||
| CVE-2012-6620 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspeci… | |||
| CVE-2012-2899 | medium | — | 4.3 | 13y ago | Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and … | |||
| CVE-2012-6617 | medium | — | 4.3 | 13y ago | The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. | |||
| CVE-2012-6615 | medium | — | 4.3 | 13y ago | The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dial… | |||
| CVE-2012-3047 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecifi… | |||
| CVE-2012-0414 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an imag… | |||
| CVE-2012-4529 | medium | — | 4.3 | 13y ago | The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a… | |||
| CVE-2012-4116 | medium | — | 4.3 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete … | |||
| CVE-2012-4099 | medium | — | 4.3 | 13y ago | The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka … | |||
| CVE-2012-4097 | medium | — | 4.3 | 13y ago | The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message… | |||
| CVE-2012-4088 | medium | — | 4.3 | 13y ago | The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowl… | |||
| CVE-2012-2624 | medium | — | 4.3 | 13y ago | Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet. | |||
| CVE-2012-4072 | medium | — | 4.3 | 13y ago | The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, b… | |||
| CVE-2012-4067 | medium | — | 4.3 | 13y ago | Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-lo… | |||
| CVE-2012-5990 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitr… | |||
| CVE-2012-6590 | medium | — | 4.3 | 13y ago | The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139. | |||
| CVE-2012-5744 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified … | |||
| CVE-2012-6458 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName,… | |||
| CVE-2012-5460 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitra… | |||
| CVE-2012-6581 | medium | — | 4.3 | 13y ago | Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and tr… | |||
| CVE-2012-6580 | medium | — | 4.3 | 13y ago | Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for r… | |||
| CVE-2012-6578 | medium | — | 4.3 | 13y ago | Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote at… | |||
| CVE-2012-5855 | medium | — | 4.3 | 13y ago | The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorre… | |||
| CVE-2012-6576 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified… | |||
| CVE-2012-6575 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6574 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspeci… | |||
| CVE-2012-6573 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or … | |||
| CVE-2012-6572 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "… | |||
| CVE-2012-6566 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6564 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6563 | medium | — | 4.3 | 13y ago | engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. | |||
| CVE-2012-6561 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some o… | |||
| CVE-2012-6137 | medium | — | 4.3 | 13y ago | rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which al… | |||
| CVE-2012-4481 | medium | — | 4.3 | 13y ago | The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix f… | |||
| CVE-2012-5219 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5949 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vect… | |||
| CVE-2012-5948 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involv… | |||
| CVE-2012-6092 | medium | — | 4.3 | 13y ago | Cross-site Scripting in Apache ActiveMQ | |||
| CVE-2012-4829 | medium | — | 4.3 | 13y ago | IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certifica… |