| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-1028 |
79 |
3
|
XSS |
2015-01-21 |
2015-01-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). |
|
2 |
CVE-2010-3602 |
79 |
3
|
XSS |
2010-09-24 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information. |
|
3 |
CVE-2015-2790 |
20 |
2
|
DoS Mem. Corr. |
2015-03-30 |
2016-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. |
|
4 |
CVE-2013-7280 |
119 |
2
|
DoS Overflow |
2014-01-08 |
2016-12-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file. |
|
5 |
CVE-2012-6644 |
79 |
2
|
XSS |
2014-04-08 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php. |
|
6 |
CVE-2012-6517 |
79 |
2
|
XSS |
2013-01-24 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php. |
|
7 |
CVE-2012-5905 |
119 |
2
|
DoS Overflow |
2012-11-17 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command. |
|
8 |
CVE-2012-5899 |
79 |
2
|
XSS |
2012-11-17 |
2013-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party information. |
|
9 |
CVE-2012-5452 |
79 |
2
|
XSS |
2012-10-22 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2. |
|
10 |
CVE-2012-5388 |
79 |
2
|
XSS |
2012-10-24 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. |
|
11 |
CVE-2012-4870 |
79 |
2
|
XSS |
2012-09-06 |
2019-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php. |
|
12 |
CVE-2012-4362 |
255 |
2
|
|
2012-08-20 |
2012-08-21 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. |
|
13 |
CVE-2012-4262 |
79 |
2
|
XSS |
2012-08-13 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php. |
|
14 |
CVE-2012-2591 |
79 |
2
|
XSS |
2014-06-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email. |
|
15 |
CVE-2012-2442 |
119 |
2
|
DoS Overflow |
2012-07-25 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. |
|
16 |
CVE-2012-1979 |
79 |
2
|
XSS |
2012-04-17 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action. |
|
17 |
CVE-2012-1613 |
79 |
2
|
XSS |
2012-09-04 |
2013-07-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter. |
|
18 |
CVE-2012-1503 |
79 |
2
|
XSS |
2014-08-29 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section. |
|
19 |
CVE-2012-1417 |
79 |
2
|
XSS |
2014-09-17 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. |
|
20 |
CVE-2012-1261 |
79 |
2
|
XSS |
2020-01-09 |
2020-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter. |
|
21 |
CVE-2012-1260 |
79 |
2
|
XSS |
2020-01-09 |
2020-01-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script. |
|
22 |
CVE-2012-1258 |
287 |
2
|
|
2020-01-09 |
2020-01-22 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters. |
|
23 |
CVE-2012-1215 |
79 |
2
|
XSS |
2012-02-21 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. |
|
24 |
CVE-2012-1214 |
79 |
2
|
XSS |
2012-02-21 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. |
|
25 |
CVE-2012-1059 |
79 |
2
|
XSS |
2012-02-14 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module. |
|
26 |
CVE-2012-0984 |
79 |
2
|
XSS |
2014-09-11 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php. |
|
27 |
CVE-2012-0895 |
79 |
2
|
XSS |
2012-01-20 |
2020-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. |
|
28 |
CVE-2011-4572 |
79 |
2
|
XSS |
2011-11-29 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate. |
|
29 |
CVE-2011-3829 |
200 |
2
|
+Info |
2012-01-29 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. |
|
30 |
CVE-2010-5284 |
79 |
2
|
XSS |
2012-11-26 |
2013-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php. |
|
31 |
CVE-2010-5035 |
79 |
2
|
XSS |
2011-11-02 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information. |
|
32 |
CVE-2010-5027 |
79 |
2
|
XSS |
2011-11-02 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information. |
|
33 |
CVE-2010-5018 |
79 |
2
|
XSS |
2011-11-02 |
2011-11-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter. |
|
34 |
CVE-2010-5010 |
79 |
2
|
XSS |
2011-11-02 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter. |
|
35 |
CVE-2010-5007 |
79 |
2
|
XSS |
2011-11-02 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in pages/match_report.php in UTStats Beta 4 and earlier allows remote attackers to inject arbitrary web script or HTML via the mid parameter. |
|
36 |
CVE-2010-4985 |
79 |
2
|
XSS |
2011-11-01 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to inject arbitrary web script or HTML via vectors involving the "Enter Reference Number Below" text box. |
|
37 |
CVE-2010-4928 |
79 |
2
|
XSS |
2011-10-09 |
2012-02-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character. |
|
38 |
CVE-2010-4913 |
79 |
2
|
XSS |
2011-10-08 |
2012-02-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information. |
|
39 |
CVE-2010-4895 |
79 |
2
|
XSS |
2011-10-08 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information. |
|
40 |
CVE-2010-4874 |
79 |
2
|
XSS |
2011-10-07 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter. |
|
41 |
CVE-2010-4852 |
79 |
2
|
XSS |
2011-09-27 |
2012-02-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action. |
|
42 |
CVE-2010-4850 |
79 |
2
|
XSS |
2011-09-27 |
2012-02-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php. |
|
43 |
CVE-2010-4837 |
79 |
2
|
XSS |
2011-09-14 |
2012-02-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information. |
|
44 |
CVE-2010-4835 |
22 |
2
|
Dir. Trav. |
2011-09-14 |
2012-02-14 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action. |
|
45 |
CVE-2010-4749 |
79 |
2
|
XSS |
2011-03-01 |
2011-09-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php. |
|
46 |
CVE-2010-4631 |
79 |
2
|
XSS |
2010-12-30 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow. |
|
47 |
CVE-2010-4399 |
22 |
2
|
Dir. Trav. |
2010-12-06 |
2021-03-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information. |
|
48 |
CVE-2010-3457 |
79 |
2
|
XSS |
2010-09-17 |
2020-08-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. |
|
49 |
CVE-2010-3026 |
352 |
2
|
CSRF |
2010-08-16 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges. |
|
50 |
CVE-2010-2917 |
79 |
2
|
XSS |
2010-07-30 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information. |
