Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6091 | 1 Ibm | 1 Curam Social Program Management | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-6093 | 1 Ibm | 1 Websphere Portal | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2013-7417 | 1 Ipcop | 1 Ipcop | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer. | |||||
| CVE-2014-100006 | 1 Webtrees | 1 Webtrees | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/googlemap/wt_v3_street_view.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) map, (2) streetview, or (3) reset parameter. | |||||
| CVE-2014-100007 | 1 Hk Exif Tags Project | 1 Hk Exif Tags | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-6096 | 1 Ibm | 1 Security Identity Manager | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-6100 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-6101 | 1 Ibm | 1 Business Process Manager | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-100008 | 1 Joomlaskin | 1 Js Multi Hotel | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
| CVE-2014-6113 | 1 Ibm | 1 Tivoli Endpoint Manager | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6121 | 1 Ibm | 2 Security Appscan, Security Appscan Source | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-6126 | 1 Ibm | 1 Websphere Portal | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6132 | 1 Ibm | 1 Websphere Service Registry And Repository | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6137 | 1 Ibm | 1 Tivoli Endpoint Manager | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6145 | 1 Ibm | 1 Cognos Business Intelligence | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-6150 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-6152 | 1 Ibm | 1 Tivoli Integrated Portal | 2017-09-08 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6161 | 1 Ibm | 1 Tivoli Netcool\/impact | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-6163 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-6167 | 1 Ibm | 1 Websphere Application Server | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-100013 | 1 Clientresponse Project | 1 Clientresponse | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. | |||||
| CVE-2014-100016 | 1 Photocati Media | 1 Photocrati | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter. | |||||
| CVE-2014-100017 | 1 Phponlinechat | 1 Phponlinechat | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field. | |||||
| CVE-2014-100023 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php. | |||||
| CVE-2014-8318 | 1 Webform Project | 1 Webform | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields have the same form_key. | |||||
| CVE-2011-5283 | 1 Smoothwall | 1 Smoothwall | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. | |||||
| CVE-2014-8380 | 1 Splunk | 1 Splunk | 2017-09-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression. | |||||
| CVE-2013-1086 | 1 Novell | 1 Groupwise | 2017-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. | |||||
| CVE-2014-4763 | 1 Ibm | 2 Filenet Content Foundation, Filenet Content Manager | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4589 | 1 Wp Silverlight Media Player Project | 1 Wp Silverlight Media Player | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. | |||||
| CVE-2014-4787 | 1 Ibm | 1 Initiate Master Data Service | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4738 | 1 Fortinet | 1 Fortiweb | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg. | |||||
| CVE-2014-4748 | 1 Ibm | 1 Sametime | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4838 | 1 Ibm | 1 Tririga Application Platform | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4751 | 1 Ibm | 1 Security Access Manager For Mobile | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4762 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4770 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4801 | 1 Ibm | 1 Rational Quality Manager | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4820 | 1 Ibm | 1 Integration Bus Manufacturing Pack | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4827 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4836 | 1 Ibm | 1 Tririga Application Platform | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-4837 | 1 Ibm | 1 Tririga Application Platform | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-5110 | 1 Fonality | 1 Trixbox | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter. | |||||
| CVE-2013-7141 | 1 Open-xchange | 1 Open-xchange Appsuite | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags. | |||||
| CVE-2014-2334 | 1 Fortinet | 1 Fortianalyzer Firmware | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | |||||
| CVE-2014-2333 | 1 Marcel Brinkkemper | 1 Lazyest-gallery | 2017-08-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-2336 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. | |||||
| CVE-2014-2315 | 2 Shinephp, Wordpress | 2 Thank You Counter Button, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php. | |||||
| CVE-2014-2280 | 1 Seeddms | 1 Seeddms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2014-2291 | 1 Juniper | 1 Ive Os | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||