Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-05-22 | CVE-2012-1990 | Cross-Site Scripting vulnerability in Schneider-Electric Kerweb and Kerwin Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields. | 4.3 |
| 2012-05-21 | CVE-2012-2920 | Cross-Site Scripting vulnerability in User Photo User Photo Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. | 4.3 |
| 2012-05-21 | CVE-2012-2918 | Cross-Site Scripting vulnerability in Chevereto 1.91 Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. | 4.3 |
| 2012-05-21 | CVE-2012-2339 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information." | 4.3 |
| 2012-05-21 | CVE-2012-0296 | Cross-Site Scripting vulnerability in Symantec web Gateway 5.0/5.0.1/5.0.2 Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-05-21 | CVE-2010-5100 | Cross-Site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2012-05-21 | CVE-2010-5098 | Cross-Site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2012-05-21 | CVE-2010-5097 | Cross-Site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
| 2012-05-21 | CVE-2012-2917 | Cross-Site Scripting vulnerability in Andrew Killen Share and Follow 1.80.3 Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php. | 4.3 |
| 2012-05-21 | CVE-2012-2916 | Cross-Site Scripting vulnerability in DLO Simple Anti BOT Registration Engine Plugin Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php. | 4.3 |