Total
40647 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-10003 | 1 Rivettracker Project | 1 Rivettracker | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The patch is named f053c5cc2bc44269b0496b5f275e349928a92ef9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217271. | ||||
| CVE-2012-0941 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list. | ||||
| CVE-2012-0812 | 2 Debian, Postfix Admin Project | 2 Debian Linux, Postfix Admin | 2024-11-21 | 6.1 Medium |
| PostfixAdmin 2.3.4 has multiple XSS vulnerabilities | ||||
| CVE-2011-5329 | 1 Redirection | 1 Redirection | 2024-11-21 | N/A |
| The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. | ||||
| CVE-2011-5018 | 1 Koala-framework | 1 Koala Framework | 2024-11-21 | 6.1 Medium |
| Koala Framework before 2011-11-21 has XSS via the request_uri parameter. | ||||
| CVE-2011-4938 | 1 Muze | 1 Ariadne | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. | ||||
| CVE-2011-4924 | 1 Zope | 1 Zope | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104 | ||||
| CVE-2011-4903 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. | ||||
| CVE-2011-4632 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | ||||
| CVE-2011-4631 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | ||||
| CVE-2011-4630 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | ||||
| CVE-2011-4629 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | ||||
| CVE-2011-4626 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | ||||
| CVE-2011-4455 | 1 Tiki | 1 Tiki | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. | ||||
| CVE-2011-4454 | 1 Tiki | 1 Tiki | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. | ||||
| CVE-2011-4336 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 6.1 Medium |
| Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. | ||||
| CVE-2011-4095 | 1 Jara Project | 1 Jara | 2024-11-21 | 6.1 Medium |
| Jara 1.6 has an XSS vulnerability | ||||
| CVE-2011-4090 | 1 S9y | 1 Serendipity | 2024-11-21 | 6.1 Medium |
| Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. | ||||
| CVE-2011-3656 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. | ||||
| CVE-2011-3642 | 1 Flowplayer | 1 Flowplayer Flash | 2024-11-21 | 9.6 Critical |
| Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. | ||||