Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-02-24 | CVE-2012-1213 | Cross-Site Scripting vulnerability in Zimbra Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | 4.3 |
2012-02-24 | CVE-2012-1212 | Cross-Site Scripting vulnerability in Smwplus Smw+ Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. | 4.3 |
2012-02-24 | CVE-2012-1211 | Cross-Site Scripting vulnerability in Powie Pfile 1.02 Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. | 4.3 |
2012-02-24 | CVE-2012-1209 | Cross-Site Scripting vulnerability in Fork-Cms Fork CMS 3.2.4 Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | 4.3 |
2012-02-24 | CVE-2012-1208 | Cross-Site Scripting vulnerability in Fork-Cms Fork CMS 3.2.4 Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index. | 4.3 |
2012-02-24 | CVE-2012-1000 | Cross-Site Scripting vulnerability in Lepton-Cms Lepton Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter to account/preferences.php. | 4.3 |
2012-02-23 | CVE-2012-1290 | Cross-Site Scripting vulnerability in SAP Netweaver 7.0 Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. | 4.3 |
2012-02-23 | CVE-2012-0873 | Cross-Site Scripting vulnerability in Boonex Dolphin Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php. | 4.3 |
2012-02-23 | CVE-2012-0707 | Cross-Site Scripting vulnerability in IBM Websphere Application Server 7.2 Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section. | 4.3 |
2012-02-21 | CVE-2012-1224 | Cross-Site Scripting vulnerability in Contentlion Alpha 1.3 Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |