CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6007 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitr… | |||
| CVE-2012-6312 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form actio… | |||
| CVE-2012-5858 | medium | — | 5.3 | 14y ago | Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the… | |||
| CVE-2012-6045 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||
| CVE-2012-6044 | medium | — | 5.3 | 14y ago | M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file. | |||
| CVE-2012-6043 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | |||
| CVE-2012-6042 | medium | — | 5.3 | 14y ago | GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file. | |||
| CVE-2012-6040 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||
| CVE-2012-5919 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/find… | |||
| CVE-2012-5917 | medium | — | 5.3 | 14y ago | SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file. | |||
| CVE-2012-5913 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to … | |||
| CVE-2012-5908 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergrou… | |||
| CVE-2012-5903 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. | |||
| CVE-2012-5899 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit … | |||
| CVE-2012-5851 | medium | — | 5.3 | 14y ago | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remo… | |||
| CVE-2012-4948 | medium | — | 5.3 | 14y ago | The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier … | |||
| CVE-2012-4939 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject ar… | |||
| CVE-2012-5470 | medium | — | 5.3 | 14y ago | libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. | |||
| CVE-2012-5672 | medium | — | 5.3 | 14y ago | Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a craf… | |||
| CVE-2012-5452 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) … | |||
| CVE-2012-4989 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an … | |||
| CVE-2012-4771 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/ma… | |||
| CVE-2012-4231 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||
| CVE-2012-4751 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary w… | |||
| CVE-2012-3184 | medium | — | 5.3 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to aff… | |||
| CVE-2012-5346 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some o… | |||
| CVE-2012-5343 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable. | |||
| CVE-2012-5341 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show paramet… | |||
| CVE-2012-5330 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, o… | |||
| CVE-2012-5322 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or … | |||
| CVE-2012-5315 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php… | |||
| CVE-2012-5295 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter. | |||
| CVE-2012-4242 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. | |||
| CVE-2012-1604 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php. | |||
| CVE-2012-1470 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters. | |||
| CVE-2012-0989 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to ind… | |||
| CVE-2012-5229 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. | |||
| CVE-2012-5228 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2012-5226 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or … | |||
| CVE-2012-5225 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter. | |||
| CVE-2012-1898 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) us… | |||
| CVE-2012-1188 | medium | — | 5.3 | 14y ago | Fork CMS Multiple XSS Vulnerabilities | |||
| CVE-2012-0974 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2012-0869 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2012-5105 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (… | |||
| CVE-2012-5104 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter. | |||
| CVE-2012-5102 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter. | |||
| CVE-2012-5099 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. | |||
| CVE-2012-0988 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_… | |||
| CVE-2012-4998 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||
| CVE-2012-2586 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert fun… | |||
| CVE-2012-2578 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function us… | |||
| CVE-2012-2995 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wr… | |||
| CVE-2012-2575 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-m… | |||
| CVE-2012-4928 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter. | |||
| CVE-2012-4923 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule para… | |||
| CVE-2012-4336 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary par… | |||
| CVE-2012-3233 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to in… | |||
| CVE-2012-4909 | medium | — | 5.3 | 14y ago | Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | |||
| CVE-2012-4905 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universa… | |||
| CVE-2012-4891 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector… | |||
| CVE-2012-4889 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to crea… | |||
| CVE-2012-1912 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index… | |||
| CVE-2012-4873 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | |||
| CVE-2012-4871 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gti… | |||
| CVE-2012-1469 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) edito… | |||
| CVE-2012-1110 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5… | |||
| CVE-2012-4870 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2… | |||
| CVE-2012-2741 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers… | |||
| CVE-2012-3551 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitra… | |||
| CVE-2012-4745 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | |||
| CVE-2012-4739 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) r… | |||
| CVE-2012-4685 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-4680 | medium | — | 5.3 | 14y ago | Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary f… | |||
| CVE-2012-4679 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter. | |||
| CVE-2012-1935 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to adm… | |||
| CVE-2012-4668 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. | |||
| CVE-2012-3508 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribu… | |||
| CVE-2012-2984 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu o… | |||
| CVE-2012-2582 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, … | |||
| CVE-2012-4236 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inj… | |||
| CVE-2012-4356 | medium | — | 5.3 | 14y ago | Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP p… | |||
| CVE-2012-4344 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the at… | |||
| CVE-2012-2570 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter. | |||
| CVE-2012-2209 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuratio… | |||
| CVE-2012-1835 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title p… | |||
| CVE-2012-2331 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendi… | |||
| CVE-2012-2274 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||
| CVE-2012-4278 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) … | |||
| CVE-2012-4267 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||
| CVE-2012-4266 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of thes… | |||
| CVE-2012-2371 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb param… | |||
| CVE-2012-4262 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maide… | |||
| CVE-2012-4259 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allo… | |||
| CVE-2012-4254 | medium | — | 5.3 | 14y ago | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. | |||
| CVE-2012-4253 | medium | — | 5.3 | 14y ago | Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2)… | |||
| CVE-2012-4251 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to… | |||
| CVE-2012-2590 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a… | |||
| CVE-2012-2587 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribu… | |||
| CVE-2012-2585 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT ele… |