Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0866 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do. | |||||
| CVE-2015-1366 | 1 Pixabay Images Project | 1 Pixabay Images | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter. | |||||
| CVE-2015-1032 | 1 Kiwix | 1 Kiwix | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search. | |||||
| CVE-2014-9352 | 1 Scalix | 1 Web Access | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mail administration login panel in Scalix Web Access 11.4.6.12377 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-9711 | 1 Websense | 5 Triton Ap Web, Triton Web Filter, Triton Web Security and 2 more | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. | |||||
| CVE-2015-1437 | 1 Asus | 2 Rt-n10\+d1, Rt-n10\+d1 Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm. | |||||
| CVE-2015-1368 | 1 Ansible | 1 Tower | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/. | |||||
| CVE-2014-9522 | 1 Papoo | 1 Cms Papoo Light | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php. | |||||
| CVE-2014-9526 | 1 Concrete5 | 1 Concrete5 | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php. | |||||
| CVE-2014-9570 | 1 Mywebsiteadvisor | 1 Simple Security | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php. | |||||
| CVE-2014-9433 | 1 Contenido | 1 Contendio | 2018-10-09 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter. | |||||
| CVE-2014-9432 | 1 S9y | 1 Serendipity | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php. | |||||
| CVE-2014-9142 | 1 Technicolor | 1 Td5130 Router Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. | |||||
| CVE-2014-9020 | 1 Zte | 2 Zxdsl 831, Zxdsl 831cii | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. | |||||
| CVE-2014-9021 | 1 Zteusa | 1 Zxdsl 831 | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases. | |||||
| CVE-2014-8993 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. | |||||
| CVE-2014-8793 | 1 Revive-adserver | 1 Revive Adserver | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php. | |||||
| CVE-2014-8732 | 1 Phpmemcachedadmin Project | 1 Phpmemcachedadmin | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8658 | 1 Refinedwiki | 1 Refinedwiki Original Theme | 2018-10-09 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action. | |||||
| CVE-2014-8683 | 1 Gogits | 1 Gogs | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown. | |||||
| CVE-2014-8869 | 1 Tapatalk | 1 Tapatalk | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter. | |||||
| CVE-2014-8724 | 1 W3edge | 1 Total Cache | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. | |||||
| CVE-2014-8539 | 1 Simple Email Form Project | 1 Simple Email Form | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. | |||||
| CVE-2014-8314 | 1 Sap | 1 Hana | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. | |||||
| CVE-2014-8308 | 1 Sap | 1 Businessobjects | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-7956 | 1 Podsfoundation | 1 Pods | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php. | |||||
| CVE-2014-7987 | 1 Espocrm | 1 Espocrm | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php. | |||||
| CVE-2014-7182 | 1 Wpgmaps | 1 Wordpress Google Maps Plugin | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php. | |||||
| CVE-2014-7183 | 1 Litecart | 1 Litecart | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING. | |||||
| CVE-2014-7181 | 1 Maxfoundry | 1 Maxbuttons | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page. | |||||
| CVE-2014-7138 | 1 Google Calendar Events Project | 1 Google Calendar Events | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-6439 | 1 Elasticsearch | 1 Elasticsearch | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-7139 | 1 Cfdbplugin | 1 Contact Form Db | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php. | |||||
| CVE-2014-6280 | 1 Osclass | 1 Osclass | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php. | |||||
| CVE-2014-6616 | 1 Softing | 2 Fg-100 Profibus, Fg-x00 Profibus Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. | |||||
| CVE-2014-6315 | 1 Photo Gallery Plugin Project | 1 Photo Gallery Plugin | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-6243 | 1 Ewww Image Optimizer Plugin Project | 1 Ewww Image Optimizer Plugin | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message. | |||||
| CVE-2014-5451 | 1 Modx | 1 Modx Revolution | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression. | |||||
| CVE-2014-5464 | 1 Ntop | 1 Ntopng | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | |||||
| CVE-2014-5259 | 1 Blackcat-cms | 1 Blackcat Cms | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2014-5338 | 1 Check Mk Project | 1 Check Mk | 2018-10-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py. | |||||
| CVE-2014-5391 | 1 Sos | 1 Jobscheduler | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash). | |||||
| CVE-2014-5257 | 1 Formalms | 1 Formalms | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php. | |||||
| CVE-2014-5178 | 1 Efssoft | 1 Easy File Sharing Web Server | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1) creating a topic or (2) posting an answer. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-5172 | 1 Sap | 1 Hana | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5234 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name. | |||||
| CVE-2014-5235 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds. | |||||
| CVE-2014-4735 | 1 Mywebsql | 1 Mywebsql | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php. | |||||
| CVE-2014-4737 | 1 Textpattern | 1 Textpattern | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php. | |||||
| CVE-2014-4727 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. | |||||