Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2005-3264 | 4.3 |
Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote attackers to inject arbitrary web script or HTML via the threadID parameter.
|
14-02-2024 - 01:17 | 20-10-2005 - 10:02 | |
CVE-2016-0736 | 5.0 |
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated en
|
06-06-2021 - 11:15 | 27-07-2017 - 21:29 | |
CVE-2018-2442 | 6.8 |
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is st
|
11-10-2018 - 17:19 | 14-08-2018 - 16:29 | |
CVE-2011-4547 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1)
|
29-08-2017 - 01:30 | 29-11-2011 - 00:55 | |
CVE-2011-4567 | 4.3 |
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to i
|
29-08-2017 - 01:30 | 29-11-2011 - 00:55 | |
CVE-2015-2958 | 6.4 |
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953.
|
03-12-2016 - 03:07 | 13-06-2015 - 15:59 | |
CVE-2011-4344 | 2.6 |
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error mess
|
13-06-2016 - 15:28 | 01-12-2011 - 11:55 | |
CVE-2011-4545 | 5.0 |
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
|
13-12-2011 - 04:09 | 02-12-2011 - 11:55 | |
CVE-2011-4544 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_ba
|
13-12-2011 - 04:09 | 01-12-2011 - 21:55 | |
CVE-2002-0955 | 7.5 |
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the r
|
05-09-2008 - 20:29 | 04-10-2002 - 04:00 |