CVEs from 2012
Total
5,198
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3115 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Ins… | |||
| CVE-2012-3114 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote attackers to affect integrity via unknown vec… | |||
| CVE-2012-3112 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console. | |||
| CVE-2012-1761 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to UI Framework. | |||
| CVE-2012-1760 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1742. | |||
| CVE-2012-1730 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors r… | |||
| CVE-2012-1729 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization. | |||
| CVE-2012-1715 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Page… | |||
| CVE-2012-0799 | medium | — | 4.3 | 14y ago | Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | |||
| CVE-2012-2645 | medium | — | 4.3 | 14y ago | The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted ap… | |||
| CVE-2012-2021 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2278 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before … | |||
| CVE-2012-0283 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns… | |||
| CVE-2012-3999 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||
| CVE-2012-3997 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parame… | |||
| CVE-2012-3382 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitra… | |||
| CVE-2012-1870 | medium | — | 4.3 | 14y ago | The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other p… | |||
| CVE-2012-1863 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attacker… | |||
| CVE-2012-1861 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to in… | |||
| CVE-2012-1859 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows rem… | |||
| CVE-2012-3238 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Co… | |||
| CVE-2012-2446 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a loo… | |||
| CVE-2012-2644 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different… | |||
| CVE-2012-2643 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. | |||
| CVE-2012-2642 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different… | |||
| CVE-2012-2018 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2641 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library. | |||
| CVE-2012-0302 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2143 | medium | — | 4.3 | 14y ago | The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contai… | |||
| CVE-2012-3846 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||
| CVE-2012-3844 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. | |||
| CVE-2012-3843 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-3833 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | |||
| CVE-2012-3832 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags. | |||
| CVE-2012-3828 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. | |||
| CVE-2012-1147 | medium | — | 4.3 | 14y ago | readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | |||
| CVE-2012-0876 | medium | — | 4.3 | 14y ago | The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a deni… | |||
| CVE-2012-3826 | low | — | 4.3 | 14y ago | Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vul… | |||
| CVE-2012-3825 | low | — | 4.3 | 14y ago | Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bl… | |||
| CVE-2012-2394 | low | — | 4.3 | 14y ago | Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause… | |||
| CVE-2012-2393 | low | — | 4.3 | 14y ago | epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote atta… | |||
| CVE-2012-2392 | low | — | 4.3 | 14y ago | Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 8… | |||
| CVE-2012-2664 | medium | — | 4.3 | 14y ago | The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archiv… | |||
| CVE-2012-1118 | medium | — | 4.3 | 14y ago | The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attacke… | |||
| CVE-2012-2717 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL f… | |||
| CVE-2012-2722 | medium | — | 4.3 | 14y ago | The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows r… | |||
| CVE-2012-2715 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web scri… | |||
| CVE-2012-2706 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. | |||
| CVE-2012-0186 | medium | — | 4.3 | 14y ago | Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a cr… | |||
| CVE-2012-2495 | medium | — | 4.3 | 14y ago | The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the… | |||
| CVE-2012-2494 | medium | — | 4.3 | 14y ago | The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to t… | |||
| CVE-2012-3790 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight param… | |||
| CVE-2012-2180 | medium | — | 4.3 | 14y ago | The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL po… | |||
| CVE-2012-2170 | medium | — | 4.3 | 14y ago | The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request informati… | |||
| CVE-2012-2161 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Li… | |||
| CVE-2012-0720 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject ar… | |||
| CVE-2012-0716 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspe… | |||
| CVE-2012-2638 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2637 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. | |||
| CVE-2012-2636 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2668 | medium | — | 4.3 | 14y ago | libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDA… | |||
| CVE-2012-2417 | medium | — | 4.3 | 14y ago | PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers … | |||
| CVE-2012-2635 | medium | — | 4.3 | 14y ago | The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive i… | |||
| CVE-2012-2633 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||
| CVE-2012-2631 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB ShoppingCart T 1.5.0.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-3566 | medium | — | 4.3 | 14y ago | Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission. | |||
| CVE-2012-3562 | medium | — | 4.3 | 14y ago | Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by … | |||
| CVE-2012-3560 | medium | — | 4.3 | 14y ago | Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by de… | |||
| CVE-2012-2011 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2041 | medium | — | 4.3 | 14y ago | CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via un… | |||
| CVE-2012-1882 | medium | — | 4.3 | 14y ago | Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka… | |||
| CVE-2012-1873 | medium | — | 4.3 | 14y ago | Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML docum… | |||
| CVE-2012-1857 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynami… | |||
| CVE-2012-1825 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web s… | |||
| CVE-2012-2563 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the … | |||
| CVE-2012-2038 | medium | — | 4.3 | 14y ago | Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and be… | |||
| CVE-2012-2598 | medium | — | 4.3 | 14y ago | Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. | |||
| CVE-2012-2595 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors … | |||
| CVE-2012-1814 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject … | |||
| CVE-2012-2667 | medium | — | 4.3 | 14y ago | Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate metho… | |||
| CVE-2012-1944 | medium | — | 4.3 | 14y ago | The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey b… | |||
| CVE-2012-2094 | medium | — | 4.3 | 14y ago | OpenStack Horizon Cross-site scripting (XSS) vulnerability | |||
| CVE-2012-0944 | medium | — | 4.3 | 14y ago | Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via … | |||
| CVE-2012-0862 | medium | — | 4.3 | 14y ago | builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access … | |||
| CVE-2012-1254 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2630 | medium | — | 4.3 | 14y ago | The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a craft… | |||
| CVE-2012-1252 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760. | |||
| CVE-2012-0220 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author o… | |||
| CVE-2012-2936 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_c… | |||
| CVE-2012-2935 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script… | |||
| CVE-2012-2235 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is… | |||
| CVE-2012-2759 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script… | |||
| CVE-2012-2920 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web… | |||
| CVE-2012-2339 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "ta… | |||
| CVE-2012-0296 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vect… | |||
| CVE-2012-2916 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option par… | |||
| CVE-2012-2912 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show… | |||
| CVE-2012-2901 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2012-1246 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. | |||
| CVE-2012-0675 | medium | — | 4.3 | 14y ago | Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Caps… |