| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-1028 |
79 |
3
|
XSS |
2015-01-21 |
2015-01-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). |
|
2 |
CVE-2012-5388 |
79 |
2
|
XSS |
2012-10-24 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. |
|
3 |
CVE-2012-1979 |
79 |
2
|
XSS |
2012-04-17 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action. |
|
4 |
CVE-2012-1613 |
79 |
2
|
XSS |
2012-09-04 |
2013-07-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter. |
|
5 |
CVE-2012-1417 |
79 |
2
|
XSS |
2014-09-17 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. |
|
6 |
CVE-2009-4567 |
79 |
2
|
XSS |
2010-01-05 |
2017-08-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information. |
|
7 |
CVE-2015-1054 |
79 |
1
|
XSS |
2015-01-16 |
2017-09-08 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game. |
|
8 |
CVE-2014-5276 |
79 |
1
|
XSS |
2014-10-20 |
2017-09-08 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php. |
|
9 |
CVE-2014-3840 |
79 |
1
|
XSS |
2014-05-27 |
2014-06-18 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form. |
|
10 |
CVE-2014-3740 |
79 |
1
|
XSS |
2014-09-11 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page. |
|
11 |
CVE-2014-3544 |
79 |
1
|
XSS |
2014-07-29 |
2020-12-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. |
|
12 |
CVE-2014-2477 |
|
1
|
|
2014-07-17 |
2018-10-09 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486. |
|
13 |
CVE-2013-7274 |
79 |
1
|
XSS |
2014-01-08 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. |
|
14 |
CVE-2013-7194 |
79 |
1
|
XSS |
2013-12-21 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field. |
|
15 |
CVE-2013-7025 |
79 |
1
|
XSS |
2013-12-09 |
2018-03-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. |
|
16 |
CVE-2013-6232 |
79 |
1
|
XSS |
2014-03-09 |
2018-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page. |
|
17 |
CVE-2013-5317 |
79 |
1
|
XSS |
2013-08-20 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php. |
|
18 |
CVE-2013-1959 |
264 |
1
|
+Priv |
2013-05-03 |
2013-12-01 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. |
|
19 |
CVE-2012-6064 |
22 |
1
|
Dir. Trav. CSRF |
2012-12-03 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files. |
|
20 |
CVE-2012-4270 |
79 |
1
|
XSS |
2012-08-13 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message. |
|
21 |
CVE-2012-3871 |
79 |
1
|
XSS |
2012-12-28 |
2012-12-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. |
|
22 |
CVE-2012-3870 |
79 |
1
|
XSS |
2012-12-28 |
2012-12-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter. |
|
23 |
CVE-2012-2206 |
264 |
1
|
|
2012-08-17 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI. |
|
24 |
CVE-2012-1593 |
|
1
|
DoS |
2012-04-11 |
2017-12-29 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. |
|
25 |
CVE-2011-4830 |
79 |
1
|
XSS |
2011-12-15 |
2011-12-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php. |
|
26 |
CVE-2011-4340 |
79 |
1
|
XSS |
2012-02-12 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information. |
|
27 |
CVE-2011-2544 |
79 |
1
|
DoS XSS CSRF |
2011-09-23 |
2018-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. |
|
28 |
CVE-2010-4275 |
79 |
1
|
XSS |
2010-12-22 |
2017-08-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php. |
|
29 |
CVE-2010-3266 |
79 |
1
|
XSS |
2010-12-02 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information. |
|
30 |
CVE-2010-2698 |
79 |
1
|
XSS |
2010-07-12 |
2017-08-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
31 |
CVE-2010-2697 |
79 |
1
|
XSS |
2010-07-12 |
2017-08-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information. |
|
32 |
CVE-2010-0801 |
22 |
1
|
Dir. Trav. |
2010-03-02 |
2010-03-03 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information. |
|
33 |
CVE-2010-0606 |
79 |
1
|
XSS |
2010-02-11 |
2010-11-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php. |
|
34 |
CVE-2010-0460 |
79 |
1
|
XSS |
2010-01-28 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information. |
|
35 |
CVE-2010-0370 |
79 |
1
|
XSS |
2010-01-21 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title). |
|
36 |
CVE-2009-2327 |
79 |
1
|
XSS |
2009-07-05 |
2017-09-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter. |
|
37 |
CVE-2004-2643 |
|
1
|
Dir. Trav. |
2004-12-31 |
2017-07-20 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive. |
|
38 |
CVE-2022-34212 |
862 |
|
|
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. |
|
39 |
CVE-2022-34198 |
79 |
|
XSS |
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
40 |
CVE-2022-34197 |
79 |
|
XSS |
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
41 |
CVE-2022-34196 |
79 |
|
XSS |
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
42 |
CVE-2022-34195 |
79 |
|
XSS |
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
43 |
CVE-2022-34194 |
79 |
|
XSS |
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
44 |
CVE-2022-34193 |
79 |
|
XSS |
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
45 |
CVE-2022-34192 |
79 |
|
XSS |
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
46 |
CVE-2022-34191 |
79 |
|
XSS |
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
47 |
CVE-2022-34190 |
79 |
|
XSS |
2022-06-23 |
2022-06-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
48 |
CVE-2022-34189 |
79 |
|
XSS |
2022-06-23 |
2022-06-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
49 |
CVE-2022-34188 |
79 |
|
XSS |
2022-06-23 |
2022-06-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
|
50 |
CVE-2022-34187 |
79 |
|
XSS |
2022-06-23 |
2022-06-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
