Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
Max CVSS
4.3
EPSS Score
0.24%
Published
2011-09-29
Updated
2018-11-29
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Max CVSS
4.3
EPSS Score
0.16%
Published
2011-09-28
Updated
2011-10-22
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.19%
Published
2011-09-28
Updated
2011-10-30
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.16%
Published
2011-09-28
Updated
2011-10-21
Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.20%
Published
2011-09-28
Updated
2011-10-21
Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files.
Max CVSS
5.0
EPSS Score
0.23%
Published
2011-09-24
Updated
2012-05-21
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
Max CVSS
5.0
EPSS Score
0.23%
Published
2011-09-24
Updated
2012-05-21
Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.
Max CVSS
5.0
EPSS Score
0.23%
Published
2011-09-24
Updated
2012-05-21
Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files.
Max CVSS
5.0
EPSS Score
0.23%
Published
2011-09-24
Updated
2012-05-21
XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.
Max CVSS
5.0
EPSS Score
0.23%
Published
2011-09-24
Updated
2012-05-21
xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajax_core/plugin_layer/xajaxScriptPlugin.inc.php and certain other files.
Max CVSS
5.0
EPSS Score
0.23%
Published
2011-09-24
Updated
2012-05-21
WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/prestart.php and certain other files.
Max CVSS
5.0
EPSS Score
0.23%
Published
2011-09-24
Updated
2012-05-21
WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by status.php and certain other files.
Max CVSS
5.0
EPSS Score
0.23%
Published
2011-09-24
Updated
2012-05-21
383 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!