Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4372 | 1 Redhat | 2 Jboss A-mq, Jboss Fuse | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page. | |||||
| CVE-2015-2960 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4995 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information. | |||||
| CVE-2013-4996 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file. | |||||
| CVE-2013-5002 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. | |||||
| CVE-2013-5005 | 1 Tripwire | 1 Tripwire Enterprise | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters. | |||||
| CVE-2013-5094 | 1 Mcafee | 1 Vulnerability Manager | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter. | |||||
| CVE-2013-5583 | 1 Joomla | 1 Joomla\! | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2013-6037 | 1 Aker | 1 Secure Mail Gateway | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. | |||||
| CVE-2013-6017 | 1 Atmail | 1 Atmail | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element. | |||||
| CVE-2015-2064 | 1 Dlguard | 1 Dlguard | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field (searchTerm parameter) in the main page. | |||||
| CVE-2015-0343 | 1 Adobe | 1 Connect | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2015-0344 | 1 Adobe | 1 Connect | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7250 | 1 Projectforge | 1 Projectforge | 2016-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java. | |||||
| CVE-2013-7241 | 1 Zenphoto | 1 Zenphoto | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI. | |||||
| CVE-2013-7258 | 1 Web2ldap | 1 Web2ldap | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI." | |||||
| CVE-2013-7389 | 1 D-link | 2 Dir-645, Dir-645 Firmware | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. | |||||
| CVE-2013-7277 | 1 Aphpkb | 1 Aphpkb | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php. | |||||
| CVE-2013-7368 | 1 Raoul Proenca | 1 Gnew | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php. | |||||
| CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2015-1978 | 1 Ibm | 1 Tivoli Directory Server | 2016-12-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4198 | 1 Cisco | 1 Web Security Appliance | 2016-12-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409. | |||||
| CVE-2015-4210 | 1 Cisco | 1 Webex Meeting Center | 2016-12-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. | |||||
| CVE-2015-4260 | 1 Cisco | 1 Hosted Collaboration Solution | 2016-12-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14862. | |||||
| CVE-2015-4268 | 1 Cisco | 1 Identity Services Engine Software | 2016-12-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052. | |||||
| CVE-2015-4272 | 1 Cisco | 1 Unified Communications Manager | 2016-12-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580. | |||||
| CVE-2015-4220 | 1 Cisco | 1 Unified Presence Server | 2016-12-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. | |||||
| CVE-2015-4270 | 1 Cisco | 1 Firesight System Software | 2016-12-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702. | |||||
| CVE-2015-3660 | 1 Apple | 1 Safari | 2016-12-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. | |||||
| CVE-2015-1966 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2016-12-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros. | |||||
| CVE-2015-0551 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2016-12-28 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6665 | 3 Chaos Tool Suite Project, Drupal, Fedoraproject | 3 Ctools, Drupal, Fedora | 2016-12-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag. | |||||
| CVE-2015-3988 | 2 Openstack, Oracle | 2 Horizon, Solaris | 2016-12-24 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | |||||
| CVE-2015-3219 | 3 Debian, Openstack, Oracle | 3 Debian Linux, Horizon, Solaris | 2016-12-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. | |||||
| CVE-2015-6658 | 1 Drupal | 1 Drupal | 2016-12-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files. | |||||
| CVE-2015-6506 | 1 Bestpractical | 1 Request Tracker | 2016-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key. | |||||
| CVE-2015-5691 | 1 Symantec | 1 Web Gateway | 2016-12-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php. | |||||
| CVE-2015-5481 | 1 Dev4press | 1 Gd Bbpress Attachments | 2016-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | |||||
| CVE-2015-5528 | 1 Wpbeginner | 1 Floating Social Bar | 2016-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-5625 | 1 Opendocman | 1 Opendocman | 2016-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | |||||
| CVE-2015-5475 | 1 Bestpractical | 1 Request Tracker | 2016-12-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages. | |||||
| CVE-2015-6672 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2016-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6805 | 1 Medhabidotcom | 1 Mdc Private Message | 2016-12-22 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message. | |||||
| CVE-2015-4552 | 1 Mybb | 1 Mybb | 2016-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post. | |||||
| CVE-2014-8960 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-22 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. | |||||
| CVE-2015-0220 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2016-12-22 | 4.3 MEDIUM | N/A |
| The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL. | |||||
| CVE-2014-4986 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-22 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. | |||||
| CVE-2015-2967 | 1 Cacti | 1 Cacti | 2016-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5452 | 1 Hl7 | 1 C-cda | 2016-12-22 | 4.3 MEDIUM | N/A |
| CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations. | |||||
| CVE-2014-8958 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page. | |||||