U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): XSS
  • Search Type: Search All
There are 7,652 matching records.
Displaying matches 7,481 through 7,500.
Vuln ID Summary CVSS Severity
CVE-2013-3179

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."

Published: September 11, 2013; 10:03:48 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-4653

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.

Published: August 19, 2013; 8:48:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1013

XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.

Published: June 05, 2013; 10:39:55 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-2955

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue.

Published: May 27, 2013; 10:55:01 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-2848

The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.

Published: May 22, 2013; 9:29:56 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-3513

Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) store XSS sequences or (2) delete entries.

Published: May 08, 2013; 8:09:34 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2709

Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published: April 26, 2013; 7:41:57 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2696

Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published: April 25, 2013; 4:55:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2697

Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published: April 19, 2013; 7:44:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0083

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-0909

The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.

Published: March 05, 2013; 4:55:11 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-0010

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.

Published: January 09, 2013; 1:09:40 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-0009

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.

Published: January 09, 2013; 1:09:40 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6433

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.

Published: January 03, 2013; 6:54:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-5992

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.

Published: December 19, 2012; 6:56:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-5387

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

Published: October 24, 2012; 1:55:02 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-2552

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."

Published: October 09, 2012; 5:55:02 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-2889

Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."

Published: September 26, 2012; 6:56:04 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-2886

Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."

Published: September 26, 2012; 6:56:04 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4905

Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."

Published: September 13, 2012; 4:55:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM