The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2009-0063 | Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Medium | Apr 30, 2009 |
| CVE-2010-1584 | Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. | Low | May 19, 2010 |
| CVE-2014-8376 | Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the Administer contexts Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings. | Low | Oct 24, 2014 |
| CVE-2015-2241 | Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property. | Medium | Mar 12, 2015 |
| CVE-2015-1402 | Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Feb 4, 2015 |
| CVE-2015-1404 | Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Feb 4, 2015 |
| CVE-2017-17096 | Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. | MEDIUM | Dec 4, 2017 |
| CVE-2015-3364 | Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message. | Medium | Apr 29, 2015 |
| CVE-2012-4259 | Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information. | Medium | Aug 14, 2012 |
| CVE-2010-4109 | Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file. | Medium | Dec 9, 2010 |
| CVE-2011-2408 | Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Aug 12, 2011 |
| CVE-2008-4727 | Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContacts) in SunGard Banner Student 7.3 allows remote attackers to inject arbitrary web script or HTML via the addr1 parameter. NOTE: this might be resultant from a CSRF vulnerability, but there are insufficient details to be sure. | Medium | Oct 24, 2008 |
| CVE-2012-2075 | Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors. | Low | Aug 15, 2012 |
| CVE-2009-4744 | Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Mar 29, 2010 |
| CVE-2009-4369 | Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with administer site-wide contact form permissions to inject arbitrary web script or HTML via the contact category name. | Low | Dec 22, 2009 |
| CVE-2012-2071 | Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors. | Low | Aug 28, 2012 |
| CVE-2015-2040 | Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php. | Medium | Feb 23, 2015 |
| CVE-2014-8955 | Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/. | Medium | Nov 18, 2014 |
| CVE-2008-6746 | Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name. | Medium | Apr 23, 2009 |
| CVE-2014-3841 | Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information. | Medium | May 23, 2014 |
| CVE-2009-3029 | Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via external client input that triggers crafted error messages. | Low | Oct 15, 2009 |
| CVE-2009-3036 | Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Low | Feb 24, 2010 |
| CVE-2015-6502 | Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect. | -- | Dec 11, 2017 |
| CVE-2014-7869 | Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer contexts permission to inject arbitrary web script or HTML via unspecified vectors. | Low | Oct 7, 2014 |
| CVE-2011-0005 | Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. | Medium | Jan 19, 2011 |
| CVE-2007-5427 | Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1. | Medium | Oct 18, 2007 |
| CVE-2007-6643 | Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jan 4, 2008 |
| CVE-2015-7980 | Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to embedding a JavaScript library from an external source that was not reliable. | MEDIUM | Oct 2, 2017 |
| CVE-2013-0569 | Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Apr 29, 2013 |
| CVE-2022-2511 | Cross-site Scripting (XSS) vulnerability in the commonuserinterface component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL. | -- | Jul 22, 2022 |
| CVE-2009-4963 | Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Low | Jul 28, 2010 |
| CVE-2012-4071 | Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. | Medium | Aug 10, 2012 |
| CVE-2013-1409 | Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php. | Medium | Mar 4, 2014 |
| CVE-2009-1937 | Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 no database (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information. | Medium | Jun 8, 2009 |
| CVE-2013-6010 | Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Attachment field title. | Medium | Oct 4, 2013 |
| CVE-2008-4456 | Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. | Low | Oct 11, 2008 |
| CVE-2016-5833 | Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. | MEDIUM | Jun 29, 2016 |
| CVE-2013-6388 | Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. | Medium | Dec 27, 2013 |
| CVE-2016-4826 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. | MEDIUM | Jun 27, 2016 |
| CVE-2016-4827 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. | MEDIUM | Jun 27, 2016 |
| CVE-2014-8897 | Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | Low | Dec 22, 2014 |
| CVE-2014-8898 | Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | Low | Dec 22, 2014 |
| CVE-2014-8899 | Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | Low | Dec 22, 2014 |
| CVE-2013-6961 | Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237. | Medium | Dec 16, 2013 |
| CVE-2009-4152 | Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. | Medium | Dec 3, 2009 |
| CVE-2015-0158 | Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | Medium | Mar 26, 2015 |
| CVE-2012-1834 | Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php. | Medium | Apr 8, 2014 |
| CVE-2015-1478 | Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds. | Medium | Feb 4, 2015 |
| CVE-2015-7307 | Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page. | Medium | Sep 22, 2015 |
| CVE-2015-3348 | Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | Low | Apr 22, 2015 |
