CVEs from 2012
Total
5,198
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0047 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter. | |||
| CVE-2012-0719 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to th… | |||
| CVE-2012-1463 | medium | — | 4.3 | 14y ago | The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Anti… | |||
| CVE-2012-1462 | medium | — | 4.3 | 14y ago | The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4… | |||
| CVE-2012-1461 | medium | — | 4.3 | 14y ago | The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus V… | |||
| CVE-2012-1460 | medium | — | 4.3 | 14y ago | The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiV… | |||
| CVE-2012-1459 | medium | — | 4.3 | 14y ago | The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefen… | |||
| CVE-2012-1458 | medium | — | 4.3 | 14y ago | The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: t… | |||
| CVE-2012-1457 | medium | — | 4.3 | 14y ago | The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.… | |||
| CVE-2012-1456 | medium | — | 4.3 | 14y ago | The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Ant… | |||
| CVE-2012-1455 | medium | — | 4.3 | 14y ago | The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMinor version field. NOTE: this may l… | |||
| CVE-2012-1454 | medium | — | 4.3 | 14y ago | The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows… | |||
| CVE-2012-1453 | medium | — | 4.3 | 14y ago | The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly W… | |||
| CVE-2012-1452 | medium | — | 4.3 | 14y ago | The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detec… | |||
| CVE-2012-1451 | medium | — | 4.3 | 14y ago | The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified res… | |||
| CVE-2012-1450 | medium | — | 4.3 | 14y ago | The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a C… | |||
| CVE-2012-1449 | medium | — | 4.3 | 14y ago | The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMajor field. NOTE: this may later be … | |||
| CVE-2012-1448 | medium | — | 4.3 | 14y ago | The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsis… | |||
| CVE-2012-1447 | medium | — | 4.3 | 14y ago | The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modifi… | |||
| CVE-2012-1446 | medium | — | 4.3 | 14y ago | The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe… | |||
| CVE-2012-1445 | medium | — | 4.3 | 14y ago | The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file wit… | |||
| CVE-2012-1444 | medium | — | 4.3 | 14y ago | The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abiver… | |||
| CVE-2012-1443 | medium | — | 4.3 | 14y ago | The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antiv… | |||
| CVE-2012-1442 | medium | — | 4.3 | 14y ago | The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.12… | |||
| CVE-2012-1441 | medium | — | 4.3 | 14y ago | The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows remote attackers to bypass malware detection via an EXE file with a modified value in any of several e_ fields. NOTE: this may la… | |||
| CVE-2012-1440 | medium | — | 4.3 | 14y ago | The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malwar… | |||
| CVE-2012-1439 | medium | — | 4.3 | 14y ago | The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file wit… | |||
| CVE-2012-1438 | medium | — | 4.3 | 14y ago | The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a cert… | |||
| CVE-2012-1437 | medium | — | 4.3 | 14y ago | The Microsoft Office file parser in Comodo Antivirus 7425 allows remote attackers to bypass malware detection via an Office file with a \50\4B\53\70\58 character sequence at a certain location. | |||
| CVE-2012-1436 | medium | — | 4.3 | 14y ago | The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus… | |||
| CVE-2012-1435 | medium | — | 4.3 | 14y ago | The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus… | |||
| CVE-2012-1434 | medium | — | 4.3 | 14y ago | The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows… | |||
| CVE-2012-1433 | medium | — | 4.3 | 14y ago | The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus… | |||
| CVE-2012-1432 | medium | — | 4.3 | 14y ago | The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass… | |||
| CVE-2012-1431 | medium | — | 4.3 | 14y ago | The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwas… | |||
| CVE-2012-1430 | medium | — | 4.3 | 14y ago | The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 201… | |||
| CVE-2012-1429 | medium | — | 4.3 | 14y ago | The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0,… | |||
| CVE-2012-1428 | medium | — | 4.3 | 14y ago | The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a… | |||
| CVE-2012-1427 | medium | — | 4.3 | 14y ago | The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57… | |||
| CVE-2012-1426 | medium | — | 4.3 | 14y ago | The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03… | |||
| CVE-2012-1425 | medium | — | 4.3 | 14y ago | The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities … | |||
| CVE-2012-1424 | medium | — | 4.3 | 14y ago | The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.… | |||
| CVE-2012-1423 | medium | — | 4.3 | 14y ago | The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7… | |||
| CVE-2012-1422 | medium | — | 4.3 | 14y ago | The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a… | |||
| CVE-2012-1421 | medium | — | 4.3 | 14y ago | The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attack… | |||
| CVE-2012-1420 | medium | — | 4.3 | 14y ago | The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.1… | |||
| CVE-2012-1419 | medium | — | 4.3 | 14y ago | The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NO… | |||
| CVE-2012-0399 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0872 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) p… | |||
| CVE-2012-1789 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) surname or (2) firstname parameters to modules/members/… | |||
| CVE-2012-1788 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lo… | |||
| CVE-2012-1781 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ajax/commentajax.php in SocialCMS 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) TREF_email_address or (2) TR_n… | |||
| CVE-2012-1779 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php. | |||
| CVE-2012-1512 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script… | |||
| CVE-2012-1511 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2012-0404 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0455 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not… | |||
| CVE-2012-0451 | medium | — | 4.3 | 14y ago | CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows rem… | |||
| CVE-2012-0156 | medium | — | 4.3 | 14y ago | DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a d… | |||
| CVE-2012-0152 | medium | — | 4.3 | 14y ago | The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a serie… | |||
| CVE-2012-0688 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWor… | |||
| CVE-2012-0195 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Mana… | |||
| CVE-2012-0325 | medium | — | 4.3 | 14y ago | Jenkins allows Cross-Site Scripting (XSS) | |||
| CVE-2012-0324 | medium | — | 4.3 | 14y ago | Jenkins allows Cross-Site Scripting (XSS) | |||
| CVE-2012-0323 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0590 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop… | |||
| CVE-2012-0589 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability … | |||
| CVE-2012-0588 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability … | |||
| CVE-2012-0587 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability … | |||
| CVE-2012-0586 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability … | |||
| CVE-2012-0322 | medium | — | 4.3 | 14y ago | The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspeci… | |||
| CVE-2012-1262 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote att… | |||
| CVE-2012-0318 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors invol… | |||
| CVE-2012-0715 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to injec… | |||
| CVE-2012-1099 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3… | |||
| CVE-2012-1098 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors in… | |||
| CVE-2012-1410 | medium | — | 4.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) S… | |||
| CVE-2012-6684 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. | |||
| CVE-2012-1212 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows r… | |||
| CVE-2012-1209 | medium | — | 4.3 | 15y ago | Fork CMS XSS via Highlight Parameter | |||
| CVE-2012-1000 | medium | — | 4.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admi… | |||
| CVE-2012-1290 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2012-0707 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with… | |||
| CVE-2012-0233 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. | |||
| CVE-2012-1219 | medium | — | 4.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ticket parameter to tickets.php, (2) title paramete… | |||
| CVE-2012-0995 | medium | — | 4.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.ph… | |||
| CVE-2012-1215 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field … | |||
| CVE-2012-1214 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a … | |||
| CVE-2012-0506 | medium | — | 4.3 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows… | |||
| CVE-2012-0765 | medium | — | 4.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to certain .htm files i… | |||
| CVE-2012-0145 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbit… | |||
| CVE-2012-0144 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitra… | |||
| CVE-2012-0017 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences … | |||
| CVE-2012-0012 | medium | — | 4.3 | 15y ago | Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a craf… | |||
| CVE-2012-0010 | medium | — | 4.3 | 15y ago | Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a … | |||
| CVE-2012-1087 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via un… | |||
| CVE-2012-1086 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1084 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1081 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2012-1080 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |