LiveActive security incident?Get immediate response
CVE archive

January 2012

Browse CVE records published in January 2012, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 484 matching CVEs · Page 3 of 10.

Unknown · CVSS Not scored

CVE-2012-6434: Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow r...

Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.

Published Jan 3, 2013 · Updated Sep 16, 2024

Medium · CVSS 4

CVE-2012-10003: ahmyi RivetTracker cross site scripting

A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The patch is named f053c5cc2bc44269b0496b5f275e349928a92ef9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217271.

Published Jan 3, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2012-10004: backdrop-contrib Basic Cart basic_cart.cart.inc basic_cart_checkout_form_submit cross site scripting

A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The patch is identified as a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability.

Published Jan 11, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-6708: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks.

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Published Jan 18, 2018 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-6671: Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Foru...

Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters.

Published Jan 11, 2018 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2012-10005: manikandan170890 php-form-builder-class Textarea Textarea.php cross site scripting

A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 74897993818d826595fd5857038e6703456a594a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218155.

Published Jan 12, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-6668: Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBS...

Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php.

Published Jan 11, 2018 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-6621: Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow r...

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.

Published Jan 16, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-6622: Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Ser...

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.

Published Jan 16, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-6523: Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrar...

Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in (2) blog.php, (3) guestbook.php, or (4) forum.php in codes/. NOTE: some of these details are obtained from third party information.

Published Jan 31, 2013 · Updated Aug 6, 2024