Total: 36841 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-6448 | 1 Cpanel | 1 Webhost Manager | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-6347 | 1 Fortinet | 1 Fortidb | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf. | ||||
CVE-2012-6346 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate. | ||||
CVE-2012-6344 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 6.1 Medium |
Novell ZENworks Configuration Management before 11.2.4 allows XSS. | ||||
CVE-2012-6133 | 1 Roundup-tracker | 1 Roundup | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*. | ||||
CVE-2012-5776 | 1 Dokeos | 1 Dokeos | 2024-11-21 | 5.4 Medium |
Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php. | ||||
CVE-2012-5558 | 2 Smiley Project, Smileys Project | 2 Smiley, Smileys | 2024-11-21 | 4.8 Medium |
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym. | ||||
CVE-2012-5193 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter. | ||||
CVE-2012-4526 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
Piwigo has XSS in password.php (incomplete fix for CVE-2012-4525). | ||||
CVE-2012-4525 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
Piwigo has XSS in password.php. | ||||
CVE-2012-4519 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 6.1 Medium |
Zenphoto before 1.4.3.4 has XSS via the date parameter in admin-news-articles.php. | ||||
CVE-2012-4451 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. | ||||
CVE-2012-4441 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin. | ||||
CVE-2012-4440 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. | ||||
CVE-2012-4439 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. | ||||
CVE-2012-4384 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2024-11-21 | 6.1 Medium |
LetoDMS has multiple XSS issues: reflected XSS in the login page, stored XSS in the document owner/user name, and stored XSS in the calendar. | ||||
CVE-2012-4029 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. | ||||
CVE-2012-3536 | 1 Apache | 1 Hupa | 2024-11-21 | N/A |
Two XSS vulnerabilities were fixed in the message list and message view of the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger an XSS when the email was opened or when a list of messages was viewed. This issue was addressed in Hupa 0.0.3. | ||||
CVE-2012-3351 | 1 Longtailvideo | 1 Jw Player | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript. | ||||
CVE-2012-3341 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 5.4 Medium |
IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 78294. |