|
291341
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4377
|
2024-11-21 10:42 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291342
|
4.9 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
|
CWE-200
Information Exposure
|
CVE-2012-4382
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291343
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2012-4380
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291344
|
6.5 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response i…
|
CWE-284
Improper Access Control
|
CVE-2012-4379
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291345
|
- |
|
group-office
|
groupoffice
|
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
|
CWE-89
SQL Injection
|
CVE-2012-4240
|
2024-11-21 10:42 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291346
|
- |
|
phorum
|
phorum
|
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2012-4234
|
2024-11-21 10:42 |
2014-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291347
|
- |
|
qpw.famvanakkeren
|
quick_post_widget
|
Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4226
|
2024-11-21 10:42 |
2014-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291348
|
- |
|
microcart_project
|
microcart
|
Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or (2) query string to _admin/index.php or (3)…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4241
|
2024-11-21 10:42 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291349
|
- |
|
tinymce
|
tinymce
|
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4230
|
2024-11-21 10:42 |
2014-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291350
|
- |
|
cisco
|
nx-os
|
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCt…
|
CWE-22
Path Traversal
|
CVE-2012-4135
|
2024-11-21 10:42 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
