Total
28117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2587 | 1 Afterlogic | 1 Mailsuite Pro | 2012-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element. | |||||
| CVE-2012-3508 | 1 Roundcube | 1 Webmail | 2012-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email. | |||||
| CVE-2012-1835 | 2 Timely, Wordpress | 2 All-in-one Event Calendar, Wordpress | 2012-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. | |||||
| CVE-2012-4668 | 1 Roundcube | 1 Webmail | 2012-08-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. | |||||
| CVE-2011-5115 | 1 Dlguard | 1 Dlguard | 2012-08-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php. | |||||
| CVE-2011-5114 | 1 Barraguard | 2 Barracuda Link Balancer, Barracuda Link Balancer Series Firmware | 2012-08-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope parameter. | |||||
| CVE-2012-4580 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. | |||||
| CVE-2012-4579 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-08-22 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. | |||||
| CVE-2012-4272 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2012-08-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest". | |||||
| CVE-2012-2985 | 1 Cutesoft Components | 1 Cute Editor | 2012-08-21 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter. | |||||
| CVE-2012-4236 | 1 Totalshopuk | 1 Ecommerce | 2012-08-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2012-2563 | 1 Bloxx | 1 Web Filtering | 2012-08-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web script or HTML via vectors involving administrative menu functions. | |||||
| CVE-2012-1908 | 1 Splunk | 1 Splunk | 2012-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2012-1597 | 1 Ez | 1 Ezjscore | 2012-08-17 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4340 | 1 Sybase | 1 Easerver | 2012-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2300 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2012-08-15 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4266 | 1 Itechscripts | 1 Proman Xpress | 2012-08-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-2326 | 1 Mybb | 1 Mybb | 2012-08-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment. | |||||
| CVE-2012-2331 | 1 S9y | 1 Serendipity | 2012-08-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). | |||||
| CVE-2012-4264 | 2 Bit51, Wordpress | 2 Better-wp-security, Wordpress | 2012-08-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263. | |||||