Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-4308

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Aug, 2006 | 19:00
Updated At-07 Aug, 2024 | 19:06
Rejected At-
Credits

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Aug, 2006 | 19:00
Updated At:07 Aug, 2024 | 19:06
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/19308
vdb-entry
x_refsource_BID
http://www.securityfocus.com/archive/1/444885/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2006/3366
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/444062/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
vdb-entry
x_refsource_XF
http://www.securityfocus.com/archive/1/444116/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/21577
third-party-advisory
x_refsource_SECUNIA
http://securitytracker.com/id?1016735
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/19308
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securityfocus.com/archive/1/444885/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.vupen.com/english/advisories/2006/3366
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/444062/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/archive/1/444116/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/21577
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1016735
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/19308
vdb-entry
x_refsource_BID
x_transferred
http://www.securityfocus.com/archive/1/444885/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.vupen.com/english/advisories/2006/3366
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/444062/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/archive/1/444116/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/21577
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securitytracker.com/id?1016735
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/19308
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/444885/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/3366
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/444062/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/444116/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/21577
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1016735
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Aug, 2006 | 19:04
Updated At:03 Apr, 2025 | 01:03

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
blackboard
blackboard
>>blackboard>>6.0
cpe:2.3:a:blackboard:blackboard:6.0:*:*:*:*:*:*:*
blackboard
blackboard
>>blackboard_learning_and_community_portal_suite>>6.0
cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.0:*:*:*:*:*:*:*
blackboard
blackboard
>>blackboard_learning_and_community_portal_suite>>6.2.3.23
cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.2.3.23:*:*:*:*:*:*:*
blackboard
blackboard
>>vista>>4
cpe:2.3:a:blackboard:vista:4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/21577cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1016735cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/444062/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/444116/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/444885/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/19308cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2006/3366cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28537cve@mitre.org
N/A
http://secunia.com/advisories/21577af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1016735af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/444062/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/444116/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/444885/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/19308af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2006/3366af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28537af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/21577
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1016735
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/444062/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/444116/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/444885/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19308
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3366
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/21577
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1016735
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/444062/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/444116/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/444885/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19308
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3366
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12243Records found
CVE-2008-1795
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.38% / 89.72%
||
7 Day CHG~0.00%
Published-15 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.

Action-Not Available
Vendor-blackboardn/a
Product-academic_suiten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5227
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 56.72%
||
7 Day CHG~0.00%
Published-05 Oct, 2007 | 23:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. NOTE: vector 2 requires bypassing a client-side security mechanism that attempts to block XSS sequences.

Action-Not Available
Vendor-blackboardn/a
Product-blackboard_learning_and_community_post_systemsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0811
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.59%
||
7 Day CHG~0.00%
Published-22 Feb, 2014 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-blackboardn/a
Product-vista\/cen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25902
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 58.09%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 12:35
Updated-04 Aug, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research

Action-Not Available
Vendor-blackboardn/a
Product-collaborate_ultran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-3421
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.26%
||
7 Day CHG~0.00%
Published-31 Jul, 2008 | 17:00
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.

Action-Not Available
Vendor-blackboardn/a
Product-blackboard_academic_suiten/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2005-4339
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.60%
||
7 Day CHG~0.00%
Published-17 Dec, 2005 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.

Action-Not Available
Vendor-blackboardn/a
Product-academic_suiten/a
CVE-2021-36747
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.27%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 20:44
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.

Action-Not Available
Vendor-blackboardn/a
Product-blackboard_learnn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-9008
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.91%
||
7 Day CHG~0.00%
Published-25 Feb, 2020 | 17:29
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.

Action-Not Available
Vendor-blackboardn/a
Product-blackboard_learnn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36746
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.95%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 20:48
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor.

Action-Not Available
Vendor-blackboardn/a
Product-blackboard_learnn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10866
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 41.03%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 17:52
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues.

Action-Not Available
Vendor-n/aTips and Tricks HQ
Product-all_in_one_wp_security_\&_firewalln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24338
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.53%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1726
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.20% / 78.05%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-sitescopen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-11.05% / 93.16%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 22:33
Updated-05 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Planon before Live Build 41 has XSS.

Action-Not Available
Vendor-planonsoftwaren/a
Product-planonn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4078
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.70% / 71.19%
||
7 Day CHG~0.00%
Published-25 Nov, 2009 | 21:22
Updated-07 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-redminen/a
Product-redminen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1063
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 59.95%
||
7 Day CHG~0.00%
Published-22 Feb, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data[title] parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php.

Action-Not Available
Vendor-cherry-softwaren/a
Product-photopadn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1510
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.23%
||
7 Day CHG~0.00%
Published-20 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.

Action-Not Available
Vendor-n/aManageEngine (Zoho Corporation Pvt. Ltd.)
Product-servicedesk_plusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.06% / 86.19%
||
7 Day CHG~0.00%
Published-10 Apr, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Action-Not Available
Vendor-awcm-cmsn/a
Product-ar_web_content_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24699
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 41.03%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 15:29
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS.

Action-Not Available
Vendor-chamber_dashboard_business_directory_projectn/a
Product-chamber_dashboard_business_directoryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4608
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.79% / 72.87%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 11:00
Updated-07 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication.

Action-Not Available
Vendor-canon-itsn/a
Product-accessguardiann/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0961
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-18.65% / 95.02%
||
7 Day CHG~0.00%
Published-20 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ciscoworks_common_servicesn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1414
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 66.80%
||
7 Day CHG~0.00%
Published-22 Mar, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-tibbrtibbr_servicen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24397
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.52% / 65.89%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 16:47
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser.

Action-Not Available
Vendor-SAP SE
Product-netweaver_enterprise_portalSAP NetWeaver Enterprise Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1587
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 48.74%
||
7 Day CHG~0.00%
Published-27 Apr, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.

Action-Not Available
Vendor-n/aWikimedia FoundationMicrosoft Corporation
Product-mediawikiinternet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0962
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-8.45% / 91.97%
||
7 Day CHG~0.00%
Published-20 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_operations_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1670
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.88% / 85.76%
||
7 Day CHG~0.00%
Published-10 Apr, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.

Action-Not Available
Vendor-a.kulikovn/a
Product-interra_blog_machinen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10952
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.39%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 12:13
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.

Action-Not Available
Vendor-quotes_collection_projectn/a
Product-quotes_collectionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4602
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.59%
||
7 Day CHG~0.00%
Published-12 Jan, 2010 | 17:00
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-randomizerdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.39%
||
7 Day CHG~0.00%
Published-08 Mar, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1423
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.58%
||
7 Day CHG~0.00%
Published-05 May, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-data_loss_prevention_enterprise_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0613
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.67% / 70.35%
||
7 Day CHG~0.00%
Published-16 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-robohelp_serverrobohelpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0734
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.79% / 72.96%
||
7 Day CHG~0.00%
Published-01 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1069
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.15%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 20:45
Updated-06 Aug, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPShop through 0.8.1 has XSS.

Action-Not Available
Vendor-phpshopPHPShop
Product-phpshopPHPShop
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24085
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.15%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:20
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.

Action-Not Available
Vendor-mispn/a
Product-mispn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10988
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.76%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:28
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.

Action-Not Available
Vendor-leenkn/a
Product-leenk.men/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1157
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 68.73%
||
7 Day CHG~0.00%
Published-11 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.

Action-Not Available
Vendor-mark_pilgrimn/a
Product-feedparsern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1086
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.84%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 21:06
Updated-06 Aug, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.

Action-Not Available
Vendor-openfilerOpenfiler
Product-openfilerOpenfiler
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1062
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.17% / 77.76%
||
7 Day CHG~0.00%
Published-22 Feb, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-taskfreakn/a
Product-taskfreak\!n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1330
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.23%
||
7 Day CHG~0.00%
Published-22 Jun, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-kbsn/a
Product-weblygon/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1335
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 65.68%
||
7 Day CHG~0.00%
Published-29 Jun, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18379
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.61% / 68.83%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 11:28
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.

Action-Not Available
Vendor-elementorn/a
Product-elementor_page_buildern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0653
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-47.88% / 97.63%
||
7 Day CHG~0.00%
Published-15 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sharepoint_serversharepoint_foundationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0893
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.84% / 73.80%
||
7 Day CHG~0.00%
Published-03 Apr, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX platforms allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-operationsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0909
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.20%
||
7 Day CHG~0.00%
Published-08 Feb, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.

Action-Not Available
Vendor-vanillaforumsn/a
Product-vanillan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1077
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.39% / 84.39%
||
7 Day CHG~0.00%
Published-02 Jun, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-archivan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.07%
||
7 Day CHG~0.00%
Published-18 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-xymonn/a
Product-xymonn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1660
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.90%
||
7 Day CHG~0.00%
Published-10 Apr, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.

Action-Not Available
Vendor-grapecityn/a
Product-data_dynamics_reportsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1714
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-8.06% / 91.77%
||
7 Day CHG~0.00%
Published-18 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

Action-Not Available
Vendor-eyeosqooxdoon/a
Product-qooxdooeyeosn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.92%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 21:02
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.

Action-Not Available
Vendor-winmail_projectn/a
Product-winmailn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1263
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-64.34% / 98.37%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-22330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.37%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:26
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.

Action-Not Available
Vendor-intelliantsn/a
Product-subrionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 244
  • 245
  • Next
Details not found