Security Vulnerabilities, CVEs, Published In September 2011 (XSS)
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Max CVSS
4.3
EPSS Score
0.16%
Published
2011-09-28
Updated
2011-10-22
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.19%
Published
2011-09-28
Updated
2011-10-30
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-18
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.16%
Published
2011-09-28
Updated
2011-10-21
Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.20%
Published
2011-09-28
Updated
2011-10-21
Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-27
Updated
2012-05-21
Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to ParticipantLogin.asp, (3) the acp parameter to ForgotPIN.asp, or the (4) Description, (5) title, or (6) Heading parameter to Error.asp.
Max CVSS
4.3
EPSS Score
0.20%
Published
2011-09-27
Updated
2012-02-14
Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter.
Max CVSS
4.3
EPSS Score
0.17%
Published
2011-09-27
Updated
2012-05-21
Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp.
Max CVSS
4.3
EPSS Score
0.17%
Published
2011-09-27
Updated
2012-05-21
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
Max CVSS
4.3
EPSS Score
0.45%
Published
2011-09-21
Updated
2018-10-09
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf.
Max CVSS
4.3
EPSS Score
0.10%
Published
2011-09-19
Updated
2011-09-23
Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.27%
Published
2011-09-19
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter.
Max CVSS
4.3
EPSS Score
0.16%
Published
2011-09-15
Updated
2012-02-14
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
Max CVSS
4.3
EPSS Score
0.25%
Published
2011-09-08
Updated
2017-08-29