Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-04-21 | CVE-2012-2404 | Cross-Site Scripting vulnerability in Wordpress wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
| 2012-04-21 | CVE-2012-2403 | Cross-Site Scripting vulnerability in Wordpress wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
| 2012-04-20 | CVE-2012-2398 | Cross-Site Scripting vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. | 4.3 |
| 2012-04-20 | CVE-2012-2269 | Cross-Site Scripting vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php. | 4.3 |
| 2012-04-18 | CVE-2012-0253 | Cross-Site Scripting vulnerability in Demandmedia Pluck Sitelife 5.0.12 Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.htm. | 4.3 |
| 2012-04-17 | CVE-2012-1979 | Cross-Site Scripting vulnerability in Syndeocms Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action. | 3.5 |
| 2012-04-17 | CVE-2012-1984 | Cross-Site Scripting vulnerability in Realnetworks Helix Mobile Server and Helix Server Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-04-16 | CVE-2012-1240 | Cross-Site Scripting vulnerability in Recruit Dokodemo Rikunabi 2013 1.0.0 Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-04-13 | CVE-2012-1807 | Cross-Site Scripting vulnerability in Koyo products Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-04-11 | CVE-2012-2156 | Cross-Site Scripting vulnerability in Plume-Cms Plume CMS Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section. | 4.3 |