Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3396 | 1 Cisco | 1 Content Security Management Appliance | 2015-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749. | |||||
| CVE-2015-7728 | 1 Sap | 1 Hana | 2015-10-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. | |||||
| CVE-2015-7726 | 1 Sap | 1 Hana | 2015-10-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898. | |||||
| CVE-2014-3497 | 1 Openstack | 1 Swift | 2015-10-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. | |||||
| CVE-2014-1695 | 1 Otrs | 1 Otrs | 2015-10-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email. | |||||
| CVE-2014-2370 | 1 Omron | 6 Ns10 Hmi Terminal, Ns12 Hmi Terminal, Ns15 Hmi Terminal and 3 more | 2015-10-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data. | |||||
| CVE-2014-2711 | 1 Juniper | 1 Junos | 2015-10-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2712 | 1 Juniper | 1 Junos | 2015-10-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php. | |||||
| CVE-2014-2538 | 1 Joshua Peek | 1 Rack-ssl | 2015-10-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack. | |||||
| CVE-2013-1070 | 1 Ubuntu | 1 Metal As A Service | 2015-10-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/. | |||||
| CVE-2015-4939 | 1 Ibm | 3 Emptoris Program Management, Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2015-10-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-4973 | 1 Ibm | 1 B2b Advanced Communications | 2015-10-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-4971 | 1 Ibm | 2 Emptoris, Emptoris Program Management | 2015-10-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-4944 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2015-10-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-7708 | 1 4homepages | 1 4images | 2015-10-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php. | |||||
| CVE-2012-2932 | 1 Tinywebgallery | 1 Tinywebgallery | 2015-10-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php. | |||||
| CVE-2014-4743 | 1 Kajona | 1 Kajona | 2015-10-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2014-4871 | 1 Netcommwireless | 2 Nb604n, Nb604n Firmware | 2015-10-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter. | |||||
| CVE-2014-9031 | 1 Wordpress | 1 Wordpress | 2015-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post. | |||||
| CVE-2014-9032 | 1 Wordpress | 1 Wordpress | 2015-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1773 | 1 Apache | 1 Flex | 2015-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. | |||||
| CVE-2015-2031 | 1 Ibm | 1 Websphere Extreme Scale | 2015-10-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-1983 | 1 Ibm | 1 Urbancode Build | 2015-10-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-1888 | 1 Ibm | 1 Content Navigator | 2015-10-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-0144 | 1 Ibm | 1 Openpages Grc Platform | 2015-10-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916. | |||||
| CVE-2014-8916 | 1 Ibm | 1 Openpages Grc Platform | 2015-10-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144. | |||||
| CVE-2015-0195 | 1 Ibm | 2 Content Template Catalog, Websphere Portal | 2015-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-5651 | 1 Dotclear | 1 Dotclear | 2015-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-0668 | 1 Cisco | 1 Webex Meetings Server | 2015-10-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737. | |||||
| CVE-2015-0299 | 1 Open Source Point Of Sale Project | 1 Open Source Point Of Sale | 2015-09-30 | 4.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-7604 | 1 Splunk | 1 Splunk | 2015-09-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-0690 | 1 Cisco | 1 Wireless Lan Controller Software | 2015-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. | |||||
| CVE-2015-7386 | 1 Ghozylab | 1 Gallery - Photo Albums - Portfolio | 2015-09-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields. | |||||
| CVE-2015-7383 | 1 Refbase | 1 Refbase | 2015-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter to install.php or the (5) adminUserName parameter to update.php. | |||||
| CVE-2015-6475 | 1 Ibc Solar | 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ | 2015-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6010 | 1 Refbase | 1 Refbase | 2015-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php. | |||||
| CVE-2015-2349 | 1 Superwebmailer | 1 Superwebmailer | 2015-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTMLForm parameter. | |||||
| CVE-2015-0158 | 1 Ibm | 1 Business Process Manager | 2015-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-6238 | 1 Sumome | 1 Google Analyticator | 2015-09-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php. | |||||
| CVE-2015-7307 | 1 Drupaldise | 1 Cms Updater | 2015-09-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page. | |||||
| CVE-2015-7304 | 1 Drupaljedi | 1 Amocrm | 2015-09-23 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. | |||||
| CVE-2015-5992 | 1 Philippine Long Distance Telephone | 4 Kasda Kw58293, Kasda Kw58293 Firmware, Speedsurf 504an and 1 more | 2015-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter. | |||||
| CVE-2015-7232 | 1 Structured Dynamics | 1 Open Semantic Framework | 2015-09-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6920 | 1 Sourceafrica Project | 1 Sourceafrica | 2015-09-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | |||||
| CVE-2014-9475 | 1 Mediawiki | 1 Mediawiki | 2015-09-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message. | |||||
| CVE-2015-6969 | 1 S9y | 1 Serendipity | 2015-09-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link. | |||||
| CVE-2014-5088 | 1 Status2k | 1 Status2k | 2015-09-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php. | |||||
| CVE-2014-4958 | 1 Telerik | 1 Asp.net Ajax Radeditor Control | 2015-09-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes. | |||||
| CVE-2014-4854 | 1 Smartcatdesign | 1 Wp Contruction Mode | 2015-09-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php. | |||||
| CVE-2014-3266 | 1 Cisco | 1 Security Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189. | |||||