CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4901 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to … | |||
| CVE-2012-1664 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process… | |||
| CVE-2012-6665 | medium | — | 5.3 | 12y ago | Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012… | |||
| CVE-2012-1669 | medium | — | 5.3 | 12y ago | Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||
| CVE-2012-5702 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action,… | |||
| CVE-2012-5700 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) us… | |||
| CVE-2012-2588 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) b… | |||
| CVE-2012-6658 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName confi… | |||
| CVE-2012-2583 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||
| CVE-2012-1507 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltR… | |||
| CVE-2012-1556 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to ph… | |||
| CVE-2012-0984 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the… | |||
| CVE-2012-4768 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the d… | |||
| CVE-2012-4234 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-1503 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section. | |||
| CVE-2012-5684 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in… | |||
| CVE-2012-2591 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field i… | |||
| CVE-2012-2580 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an … | |||
| CVE-2012-2579 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, o… | |||
| CVE-2012-2572 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email. | |||
| CVE-2012-2569 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||
| CVE-2012-2592 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||
| CVE-2012-6644 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3)… | |||
| CVE-2012-6430 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or … | |||
| CVE-2012-6624 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_g… | |||
| CVE-2012-6622 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script … | |||
| CVE-2012-6151 | medium | — | 5.3 | 13y ago | Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, … | |||
| CVE-2012-6608 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter. | |||
| CVE-2012-6589 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in search.php in MYRE Business Directory allows remote attackers to inject arbitrary web script or HTML via the look parameter. | |||
| CVE-2012-6587 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_members.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the link_idd parame… | |||
| CVE-2012-6585 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter. | |||
| CVE-2012-3414 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers t… | |||
| CVE-2012-6559 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type pa… | |||
| CVE-2012-6557 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) Abou… | |||
| CVE-2012-6556 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (… | |||
| CVE-2012-6555 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title. | |||
| CVE-2012-1038 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5… | |||
| CVE-2012-6550 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vu… | |||
| CVE-2012-6534 | medium | — | 5.3 | 13y ago | Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote… | |||
| CVE-2012-5337 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4… | |||
| CVE-2012-6528 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.p… | |||
| CVE-2012-6523 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or … | |||
| CVE-2012-6276 | medium | — | 5.3 | 14y ago | Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitr… | |||
| CVE-2012-6272 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic p… | |||
| CVE-2012-6517 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2) ques… | |||
| CVE-2012-6513 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter. | |||
| CVE-2012-6510 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting… | |||
| CVE-2012-6506 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing… | |||
| CVE-2012-6505 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2012-2099 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort par… | |||
| CVE-2012-4550 | medium | 5.3 | 5.3 | 14y ago | A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization… | |||
| CVE-2012-4932 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a mana… | |||
| CVE-2012-3872 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) th… | |||
| CVE-2012-6007 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitr… | |||
| CVE-2012-6312 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form actio… | |||
| CVE-2012-5858 | medium | — | 5.3 | 14y ago | Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the… | |||
| CVE-2012-6045 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||
| CVE-2012-6044 | medium | — | 5.3 | 14y ago | M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file. | |||
| CVE-2012-6043 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | |||
| CVE-2012-6042 | medium | — | 5.3 | 14y ago | GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file. | |||
| CVE-2012-6040 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||
| CVE-2012-5919 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/find… | |||
| CVE-2012-5917 | medium | — | 5.3 | 14y ago | SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file. | |||
| CVE-2012-5913 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to … | |||
| CVE-2012-5908 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergrou… | |||
| CVE-2012-5903 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. | |||
| CVE-2012-5899 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit … | |||
| CVE-2012-5851 | medium | — | 5.3 | 14y ago | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remo… | |||
| CVE-2012-4948 | medium | — | 5.3 | 14y ago | The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier … | |||
| CVE-2012-4939 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject ar… | |||
| CVE-2012-5470 | medium | — | 5.3 | 14y ago | libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. | |||
| CVE-2012-5672 | medium | — | 5.3 | 14y ago | Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a craf… | |||
| CVE-2012-5452 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) … | |||
| CVE-2012-4989 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an … | |||
| CVE-2012-4771 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/ma… | |||
| CVE-2012-4231 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||
| CVE-2012-4751 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary w… | |||
| CVE-2012-3184 | medium | — | 5.3 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to aff… | |||
| CVE-2012-5346 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some o… | |||
| CVE-2012-5343 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable. | |||
| CVE-2012-5341 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show paramet… | |||
| CVE-2012-5330 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, o… | |||
| CVE-2012-5322 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or … | |||
| CVE-2012-5315 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php… | |||
| CVE-2012-5295 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter. | |||
| CVE-2012-4242 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. | |||
| CVE-2012-1604 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php. | |||
| CVE-2012-1470 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters. | |||
| CVE-2012-0989 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to ind… | |||
| CVE-2012-5229 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. | |||
| CVE-2012-5228 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2012-5226 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or … | |||
| CVE-2012-5225 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter. | |||
| CVE-2012-1898 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) us… | |||
| CVE-2012-1188 | medium | — | 5.3 | 14y ago | Fork CMS Multiple XSS Vulnerabilities | |||
| CVE-2012-0974 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2012-0869 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2012-5105 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (… | |||
| CVE-2012-5104 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter. | |||
| CVE-2012-5102 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter. |