CVEs from 2012
Total
5,198
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4189 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value … | |||
| CVE-2012-4612 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2012-4955 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web scri… | |||
| CVE-2012-4851 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | |||
| CVE-2012-5827 | medium | — | 4.3 | 14y ago | Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." | |||
| CVE-2012-4023 | medium | — | 4.3 | 14y ago | CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||
| CVE-2012-4532 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2012-4531 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4494 | medium | — | 4.3 | 14y ago | The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibl… | |||
| CVE-2012-4490 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or… | |||
| CVE-2012-4485 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow rem… | |||
| CVE-2012-4484 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via un… | |||
| CVE-2012-4547 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. | |||
| CVE-2012-4195 | medium | — | 4.3 | 14y ago | The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does n… | |||
| CVE-2012-4194 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to… | |||
| CVE-2012-4019 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error pa… | |||
| CVE-2012-5368 | medium | — | 4.3 | 14y ago | phpMyAdmin Unsafe Fetching of Javascript Code | |||
| CVE-2012-5456 | medium | — | 4.3 | 14y ago | The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-t… | |||
| CVE-2012-5455 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a … | |||
| CVE-2012-5169 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, … | |||
| CVE-2012-1154 | medium | — | 4.3 | 14y ago | Improper Access Control in JBoss mod_cluster | |||
| CVE-2012-5093 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect integrity via unknown vectors related… | |||
| CVE-2012-5091 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidenti… | |||
| CVE-2012-5058 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors relat… | |||
| CVE-2012-3230 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework. | |||
| CVE-2012-3194 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown v… | |||
| CVE-2012-3182 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology. | |||
| CVE-2012-3175 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to R… | |||
| CVE-2012-3161 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers to affect integrity via unknown vectors related to Web Clie… | |||
| CVE-2012-3139 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon (local and SSO). | |||
| CVE-2012-3138 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors relat… | |||
| CVE-2012-1686 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unkn… | |||
| CVE-2012-1685 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core. | |||
| CVE-2012-0107 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to W… | |||
| CVE-2012-0093 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web,… | |||
| CVE-2012-0071 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web,… | |||
| CVE-2012-4192 | medium | — | 4.3 | 14y ago | Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue… | |||
| CVE-2012-5384 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_… | |||
| CVE-2012-4445 | medium | — | 4.3 | 14y ago | Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a de… | |||
| CVE-2012-3040 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | |||
| CVE-2012-4184 | medium | — | 4.3 | 14y ago | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 d… | |||
| CVE-2012-3994 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site script… | |||
| CVE-2012-3992 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows r… | |||
| CVE-2012-3986 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (a… | |||
| CVE-2012-3985 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (… | |||
| CVE-2012-4003 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2012-2552 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows r… | |||
| CVE-2012-2520 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groov… | |||
| CVE-2012-0846 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable. | |||
| CVE-2012-5314 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter. | |||
| CVE-2012-4825 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-5305 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter. | |||
| CVE-2012-1634 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EM… | |||
| CVE-2012-1564 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0986 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO… | |||
| CVE-2012-5050 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4018 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||
| CVE-2012-5296 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approv… | |||
| CVE-2012-1636 | medium | — | 4.3 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes v… | |||
| CVE-2012-5232 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4437 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors t… | |||
| CVE-2012-2683 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web scr… | |||
| CVE-2012-4912 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script… | |||
| CVE-2012-4017 | medium | — | 4.3 | 14y ago | The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||
| CVE-2012-4016 | medium | — | 4.3 | 14y ago | The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application. | |||
| CVE-2012-2889 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." | |||
| CVE-2012-2886 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Univer… | |||
| CVE-2012-2879 | medium | — | 4.3 | 14y ago | Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document. | |||
| CVE-2012-5164 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/a… | |||
| CVE-2012-5163 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category ac… | |||
| CVE-2012-1117 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1646 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via th… | |||
| CVE-2012-1293 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to … | |||
| CVE-2012-1103 | medium | — | 4.3 | 14y ago | emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an … | |||
| CVE-2012-4015 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that tr… | |||
| CVE-2012-3037 | medium | — | 4.3 | 14y ago | The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web ser… | |||
| CVE-2012-3451 | medium | — | 4.3 | 14y ago | Remote web-service operation execution in Apache CXF | |||
| CVE-2012-5103 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message parame… | |||
| CVE-2012-3746 | medium | — | 4.3 | 14y ago | UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a … | |||
| CVE-2012-3733 | medium | — | 4.3 | 14y ago | Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allo… | |||
| CVE-2012-3730 | medium | — | 4.3 | 14y ago | Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail me… | |||
| CVE-2012-3720 | medium | — | 4.3 | 14y ago | Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers t… | |||
| CVE-2012-3715 | medium | — | 4.3 | 14y ago | Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive informati… | |||
| CVE-2012-3714 | medium | — | 4.3 | 14y ago | The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card f… | |||
| CVE-2012-3713 | medium | — | 4.3 | 14y ago | Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a down… | |||
| CVE-2012-4995 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parame… | |||
| CVE-2012-3373 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequenc… | |||
| CVE-2012-0272 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge paramete… | |||
| CVE-2012-1183 | medium | — | 4.3 | 14y ago | Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when … | |||
| CVE-2012-3034 | medium | — | 4.3 | 14y ago | WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified method… | |||
| CVE-2012-3031 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web sc… | |||
| CVE-2012-2060 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2059 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1899 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name… | |||
| CVE-2012-4968 | medium | — | 4.3 | 14y ago | Silverstripe XSS Vulnerabilities | |||
| CVE-2012-4360 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecif… | |||
| CVE-2012-4013 | medium | — | 4.3 | 14y ago | The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a cra… | |||
| CVE-2012-4904 | medium | — | 4.3 | 14y ago | Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal… | |||
| CVE-2012-2975 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requ… | |||
| CVE-2012-2536 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTM… |