CVEs from 2012
Total
5,198
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6360 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields. | |||
| CVE-2012-6359 | medium | — | 4.3 | 14y ago | IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.1… | |||
| CVE-2012-6088 | medium | — | 4.3 | 14y ago | The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass … | |||
| CVE-2012-5531 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vector… | |||
| CVE-2012-4689 | medium | — | 4.3 | 14y ago | Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denia… | |||
| CVE-2012-6397 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub619… | |||
| CVE-2012-5097 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate. | |||
| CVE-2012-5062 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.… | |||
| CVE-2012-5059 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a diff… | |||
| CVE-2012-3219 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.… | |||
| CVE-2012-1755 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote attackers to affect integrity via vectors related to PeopleBooks - PSOL. | |||
| CVE-2012-1677 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2012-5157 | medium | — | 4.3 | 14y ago | Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | |||
| CVE-2012-6501 | medium | — | 4.3 | 14y ago | The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process. | |||
| CVE-2012-2378 | medium | — | 4.3 | 14y ago | Improper Authentication in Apache CXF | |||
| CVE-2012-4543 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSi… | |||
| CVE-2012-5977 | medium | — | 4.3 | 14y ago | Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-dig… | |||
| CVE-2012-5666 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PAT… | |||
| CVE-2012-5665 | medium | — | 4.3 | 14y ago | ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by edi… | |||
| CVE-2012-5654 | medium | — | 4.3 | 14y ago | The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags… | |||
| CVE-2012-6467 | medium | — | 4.3 | 14y ago | Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafte… | |||
| CVE-2012-6464 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native … | |||
| CVE-2012-6463 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and… | |||
| CVE-2012-6459 | medium | — | 4.3 | 14y ago | ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. | |||
| CVE-2012-4970 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote att… | |||
| CVE-2012-6453 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed. | |||
| CVE-2012-6339 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a l… | |||
| CVE-2012-6369 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted… | |||
| CVE-2012-5625 | medium | — | 4.3 | 14y ago | OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which a… | |||
| CVE-2012-0962 | medium | — | 4.3 | 14y ago | Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-t… | |||
| CVE-2012-0958 | medium | — | 4.3 | 14y ago | content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtai… | |||
| CVE-2012-5591 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2012-5587 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. | |||
| CVE-2012-5584 | medium | — | 4.3 | 14y ago | The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. | |||
| CVE-2012-5182 | medium | — | 4.3 | 14y ago | The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted applicati… | |||
| CVE-2012-5180 | medium | — | 4.3 | 14y ago | The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a cr… | |||
| CVE-2012-0428 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4698 | medium | — | 4.3 | 14y ago | Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH commun… | |||
| CVE-2012-5181 | medium | — | 4.3 | 14y ago | Concrete5 Vulnerable to Cross-Site Scripting (XSS) | |||
| CVE-2012-4839 | medium | — | 4.3 | 14y ago | The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. | |||
| CVE-2012-3428 | medium | — | 4.3 | 14y ago | User confusion in IronJacamar | |||
| CVE-2012-5177 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4846 | medium | — | 4.3 | 14y ago | IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensiti… | |||
| CVE-2012-4431 | medium | — | 4.3 | 14y ago | Cross-Site Request Forgery in Apache Tomcat | |||
| CVE-2012-3546 | medium | — | 4.3 | 14y ago | Authentication Bypass in Apache Tomcat | |||
| CVE-2012-5608 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST paramete… | |||
| CVE-2012-5606 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/ve… | |||
| CVE-2012-4972 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_… | |||
| CVE-2012-5956 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset da… | |||
| CVE-2012-3297 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows rem… | |||
| CVE-2012-5176 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 5.02 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to tag embedding. | |||
| CVE-2012-5175 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to access-log data. | |||
| CVE-2012-3272 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before… | |||
| CVE-2012-4985 | medium | — | 4.3 | 14y ago | The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets. | |||
| CVE-2012-4983 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/l… | |||
| CVE-2012-4609 | medium | — | 4.3 | 14y ago | The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2012-5604 | medium | — | 4.3 | 14y ago | ldap_fluff authentication bypass | |||
| CVE-2012-5569 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or… | |||
| CVE-2012-5551 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) … | |||
| CVE-2012-5548 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5543 | medium | — | 4.3 | 14y ago | The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes vi… | |||
| CVE-2012-5541 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2012-5540 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbi… | |||
| CVE-2012-4476 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4474 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified paramet… | |||
| CVE-2012-4468 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message. | |||
| CVE-2012-4222 | medium | — | 4.3 | 14y ago | drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) v… | |||
| CVE-2012-4611 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vecto… | |||
| CVE-2012-6037 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-2253 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query paramete… | |||
| CVE-2012-2247 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a… | |||
| CVE-2012-2243 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml ext… | |||
| CVE-2012-4602 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2012-3431 | medium | — | 4.3 | 14y ago | The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specifica… | |||
| CVE-2012-5756 | medium | — | 4.3 | 14y ago | The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different cus… | |||
| CVE-2012-2211 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuacti… | |||
| CVE-2012-2084 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web sc… | |||
| CVE-2012-5841 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering … | |||
| CVE-2012-4209 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribut… | |||
| CVE-2012-4208 | medium | — | 4.3 | 14y ago | The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote atta… | |||
| CVE-2012-4207 | medium | — | 4.3 | 14y ago | The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do… | |||
| CVE-2012-4201 | medium | — | 4.3 | 14y ago | The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incor… | |||
| CVE-2012-5920 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inje… | |||
| CVE-2012-4563 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vector… | |||
| CVE-2012-3354 | medium | — | 4.3 | 14y ago | doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the inst… | |||
| CVE-2012-4541 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4233 | medium | — | 4.3 | 14y ago | LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.… | |||
| CVE-2012-4533 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated … | |||
| CVE-2012-4950 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters t… | |||
| CVE-2012-4942 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text fi… | |||
| CVE-2012-5911 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body. | |||
| CVE-2012-5906 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the la… | |||
| CVE-2012-5902 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter. | |||
| CVE-2012-5889 | medium | — | 4.3 | 14y ago | powermail extension for TYPO3 has Cross-site Scripting vulnerability | |||
| CVE-2012-5888 | medium | — | 4.3 | 14y ago | Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting | |||
| CVE-2012-5856 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5883 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x an… | |||
| CVE-2012-5882 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploade… | |||
| CVE-2012-5881 | medium | — | 4.3 | 14y ago | Cross-site scripting in yui 2.4.0 | |||
| CVE-2012-4199 | medium | — | 4.3 | 14y ago | template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function… |