Total: 39848 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3373 | 1 Drupal | 1 Views Builk Operations | 2024-11-21 | 6.1 Medium |
| Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially-crafted URL that could lead to a cross-site scripting (XSS) attack. | ||||
| CVE-2011-3370 | 1 Status | 1 Statusnet | 2024-11-21 | 6.1 Medium |
| statusnet before 0.9.9 has XSS | ||||
| CVE-2011-3352 | 1 Ziku | 1 Zikula | 2024-11-21 | 4.8 Medium |
| Zikula 1.3.0 build #3168 and probably prior has an XSS flaw due to improper sanitization of the 'themename' parameter when setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website. | ||||
| CVE-2011-3202 | 1 Jcow | 1 Jcow Cms | 2024-11-21 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier. | ||||
| CVE-2011-3183 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. | ||||
| CVE-2011-2935 | 1 Elgg | 1 Elgg | 2024-11-21 | 6.1 Medium |
| Elgg through 1.7.10 has XSS | ||||
| CVE-2011-2714 | 1 Drupal | 2 Data, Drupal | 2024-11-21 | 6.1 Medium |
| A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display. | ||||
| CVE-2011-2706 | 1 Snewscms | 1 Snews | 2024-11-21 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71. | ||||
| CVE-2011-2670 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets | ||||
| CVE-2011-2499 | 1 Mambo-foundation | 1 Mambo Cms | 2024-11-21 | 6.1 Medium |
| Mambo CMS through 4.6.5 has multiple XSS. | ||||
| CVE-2011-1497 | 1 Rubyonrails | 1 Rails | 2024-11-21 | 6.1 Medium |
| A cross-site scripting flaw was found in the auto_link function in Rails before version 3.0.6. | ||||
| CVE-2011-1150 | 1 Bbpress | 1 Bbpress | 2024-11-21 | 6.1 Medium |
| bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter. | ||||
| CVE-2011-1135 | 1 S9y | 1 Serendipity | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. | ||||
| CVE-2011-1133 | 1 S9y | 1 Serendipity | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. | ||||
| CVE-2011-1086 | 1 Openfiler | 1 Openfiler | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter. | ||||
| CVE-2011-1084 | 1 Smoothwall | 1 Smoothwall Express | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. | ||||
| CVE-2011-1069 | 1 Phpshop | 1 Phpshop | 2024-11-21 | 6.1 Medium |
| PHPShop through 0.8.1 has XSS. | ||||
| CVE-2011-1009 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 6.1 Medium |
| Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. | ||||
| CVE-2011-0544 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 6.1 Medium |
| phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | ||||
| CVE-2011-0428 | 1 Ikiwiki | 1 Ikiwiki | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. | ||||