Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2192 1 Cisco 1 Unified Web And E-mail Interaction Manager 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.
CVE-2014-2125 1 Cisco 1 Unity Connection 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.
CVE-2014-2118 1 Cisco 1 Prime Security Manager 2015-09-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.
CVE-2014-2114 1 Cisco 1 Emergency Responder 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.
CVE-2014-2104 1 Cisco 1 Unified Communications Domain Manager 2015-09-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.
CVE-2014-0735 1 Cisco 1 Unified Communications Manager 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.
CVE-2014-0723 1 Cisco 1 Unified Communications Manager 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
CVE-2015-5630 1 Ntt-bp 1 Japan Connected-free Wi-fi 2015-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID.
CVE-2015-6466 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2015-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.
CVE-2015-6921 1 Zendesk 1 Zendesk Feedback Tab 2015-09-14 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6919 1 Googlesearch Project 1 Googlesearch 2015-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php.
CVE-2015-6751 1 Time Tracker Project 1 Time Tracker 2015-09-11 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries.
CVE-2015-0139 1 Ibm 1 Websphere Portal 2015-09-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-0521 1 Emc 2 Rsa Certificate Manager, Rsa Registration Manager 2015-09-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
CVE-2015-0522 1 Emc 2 Rsa Certificate Manager, Rsa Registration Manager 2015-09-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.
CVE-2015-0129 1 Ibm 1 Rational Quality Manager 2015-09-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-0177 1 Ibm 1 Websphere Portal 2015-09-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-0714 1 Cisco 1 Finesse 2015-09-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.
CVE-2014-3408 1 Cisco 1 Prime Optical 2015-09-10 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763.
CVE-2014-2853 1 Mediawiki 1 Mediawiki 2015-09-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.
CVE-2014-7280 1 Tenable 1 Web Ui 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.
CVE-2014-5316 1 Dotclear 1 Dotclear 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.
CVE-2014-5242 1 Mediawiki 1 Mediawiki 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.
CVE-2014-5191 1 Ckeditor 1 Ckeditor 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2989 1 Lemon-s Php 1 Twit Bbs 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter.
CVE-2015-2986 1 Rakuto 1 Rktsns2 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2985 1 Guide-park 1 Bbs X102 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6810 1 Invisionpower 1 Invision Power Board 2015-09-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
CVE-2015-6809 1 Bedita 1 Bedita 2015-09-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
CVE-2015-6807 1 Mass Contact Project 1 Mass Contact 2015-09-04 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label.
CVE-2015-5612 1 Octobercms 1 October 2015-09-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.
CVE-2015-1516 1 Polycom 1 Realpresence Cloudaxis Suite 2015-09-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5487 1 Techsmith 1 Camtasia Relay 2015-09-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab.
CVE-2014-8488 2 Fedoraproject, Yourls 2 Fedora, Yourls 2015-09-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.
CVE-2014-4955 1 Phpmyadmin 1 Phpmyadmin 2015-09-03 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.
CVE-2014-4954 1 Phpmyadmin 1 Phpmyadmin 2015-09-03 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.
CVE-2014-4848 1 Blogstand Banner Plugin Project 1 Blogstand-smart-banner 2015-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php.
CVE-2014-5317 1 Php365 4 365 Links, 365 Links2, 365 Links\+ and 1 more 2015-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4846 1 Matchalabs 1 Metaslider 2015-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php.
CVE-2014-4847 1 Buffercode 1 Random Banner 2015-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php.
CVE-2014-4645 1 D-link 1 Dsl-2760u-e1 2015-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.
CVE-2014-4603 2 Wordpress, Yahoo\! Updates For Wordpress Plugin Project 2 Wordpress, Yahoo\! Updates For Wordpress Plugin 2015-09-02 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter.
CVE-2014-4598 1 Wp-tmkm-amazon Project 1 Wp-tmkm-amazon 2015-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter.
CVE-2014-4349 1 Phpmyadmin 1 Phpmyadmin 2015-09-02 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.
CVE-2014-4348 1 Phpmyadmin 1 Phpmyadmin 2015-09-02 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.
CVE-2014-4189 1 Hitachi 2 Jp1\/performance Management-manager Web Option, Tuning Manager 2015-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3892 1 Nexatechnologies 1 Meridian 2015-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3933 1 Newsignature 1 Addressfield Tokens 2015-09-02 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field.
CVE-2015-6753 1 Quick Edit Project 1 Quick Edit 2015-09-01 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title.
CVE-2015-6754 1 Path Breadcrumbs Project 1 Path Breadcrumbs 2015-09-01 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or HTML via unspecified vectors.