Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-04-11 | CVE-2012-1992 | Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template). | 4.3 |
2012-04-11 | CVE-2012-1036 | Cross-Site Scripting vulnerability in Dotnetnuke Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message. | 4.3 |
2012-04-11 | CVE-2012-1030 | Cross-Site Scripting vulnerability in Dotnetnuke 6.0.0/6.0.1/6.0.2 Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup. | 4.3 |
2012-04-05 | CVE-2012-1982 | Cross-Site Scripting vulnerability in Socialcms 1.0.2 Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action. | 3.5 |
2012-04-05 | CVE-2012-0327 | Cross-Site Scripting vulnerability in Redmine Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-04-05 | CVE-2012-0132 | Cross-Site Scripting vulnerability in HP Business Availability Center 9.01 Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-04-02 | CVE-2012-0225 | Cross-Site Scripting vulnerability in Invensys Wonderware Information Server 4.0/4.5 Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-04-02 | CVE-2011-5084 | Cross-Site Scripting vulnerability in Sixapart Movable Type Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-03-30 | CVE-2011-3058 | Cross-Site Scripting vulnerability in Google Chrome Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
2012-03-23 | CVE-2012-0047 | Cross-Site Scripting vulnerability in Apache Wicket Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter. | 4.3 |