Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6752 | 1 Search Api Autocomplete Project | 1 Search Api Autocomplete | 2015-09-01 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions. | |||||
| CVE-2014-3148 | 1 Ok Web Server Project | 1 Ok Web Server | 2015-09-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page. | |||||
| CVE-2014-2329 | 1 Check Mk Project | 1 Check Mk | 2015-09-01 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors. | |||||
| CVE-2014-3878 | 1 Ipswitch | 1 Imail Server | 2015-08-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. | |||||
| CVE-2014-4710 | 1 Aas9 | 1 Zerocms | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field. | |||||
| CVE-2014-4596 | 1 Snapapp Project | 1 Snapapp | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter. | |||||
| CVE-2014-4587 | 1 Wp Guestmap Project | 1 Wp Guestmap Project | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php. | |||||
| CVE-2014-4594 | 1 Wordpress Responsive Preview Project | 1 Wordpress Responsive Preview | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-4570 | 1 Videowhisper | 1 Video Presentation | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/. | |||||
| CVE-2014-4571 | 1 Vn-calendar Project | 1 Vn-calendar | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter. | |||||
| CVE-2014-4554 | 1 Ss Downloads Project | 1 Ss Downloads | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2014-4545 | 1 Pro Quoter Plugin Project | 1 Pro Quoter | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter. | |||||
| CVE-2014-4549 | 1 Woocommerce Sagepay Direct Payment Gateway Project | 1 Woocommerce Sagepay Direct Payment Gateway | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. | |||||
| CVE-2014-4569 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. | |||||
| CVE-2014-4543 | 1 Pay Per Media Player Project | 1 Pay Per Media Player | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter. | |||||
| CVE-2014-4520 | 1 Dmca | 1 Dmca Watermarker | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter. | |||||
| CVE-2014-4515 | 1 Anyfont Plugin Project | 1 Anyfont | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||||
| CVE-2014-4037 | 1 Ckeditor | 1 Fckeditor | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000. | |||||
| CVE-2014-4023 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8987 | 1 Mantisbt | 1 Mantisbt | 2015-08-25 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986. | |||||
| CVE-2015-0298 | 1 Redhat | 1 Mod Cluster | 2015-08-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. | |||||
| CVE-2012-3507 | 1 Roundcube | 1 Webmail | 2015-08-24 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject. | |||||
| CVE-2015-2982 | 1 Php Kobo | 1 Photo Gallery Cms Free | 2015-08-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php. | |||||
| CVE-2012-6121 | 1 Roundcube | 1 Webmail | 2015-08-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link. | |||||
| CVE-2015-4294 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2015-08-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. | |||||
| CVE-2015-4292 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2015-08-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818. | |||||
| CVE-2015-6528 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2015-08-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. | |||||
| CVE-2015-5513 | 1 Niif | 1 Shibboleth Authentication | 2015-08-20 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. | |||||
| CVE-2015-5514 | 1 Migrate Project | 1 Migrate | 2015-08-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label. | |||||
| CVE-2015-5500 | 1 Navigate Project | 1 Navigate | 2015-08-20 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5497 | 1 Web Links Project | 1 Web Links | 2015-08-20 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5495 | 1 Mobile Sliding Menu Project | 1 Mobile Sliding Menu | 2015-08-20 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5492 | 1 Video Consultation Project | 1 Video Consultation | 2015-08-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6515 | 1 Splunk | 1 Splunk | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. | |||||
| CVE-2015-6514 | 1 Splunk | 1 Splunk | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5489 | 1 Smart Trim Project | 1 Smart Trim | 2015-08-19 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form. | |||||
| CVE-2015-5488 | 1 Thinkshout | 1 Mailchimp | 2015-08-19 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5485 | 1 Theeventscalendar | 1 Eventbrite Tickets | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. | |||||
| CVE-2014-9743 | 1 Videolan | 1 Vlc Media Player | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info. | |||||
| CVE-2015-4376 | 1 Profile2 Privacy Project | 1 Profile2 Privacy | 2015-08-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4380 | 1 Linear Case Project | 1 Linear Case | 2015-08-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5519 | 1 Wideimage Project | 1 Wideimage | 2015-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php. | |||||
| CVE-2014-2191 | 1 Cisco | 1 Broadband Access Center Telco Wireless Software | 2015-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113. | |||||
| CVE-2014-2092 | 1 Cmsmadesimple | 1 Cms Made Simple | 2015-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries. | |||||
| CVE-2014-2091 | 1 Atutor | 1 Atutor | 2015-08-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries. | |||||
| CVE-2014-0812 | 2 Kent-web, Microsoft | 2 Joyful Note, Internet Explorer | 2015-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0811 | 1 Blackboard | 1 Vista\/ce | 2015-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0639 | 1 Emc | 1 Rsa Archer Egrc | 2015-08-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2744 | 1 Mozilla | 1 Firefox Os | 2015-08-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after re-opening the browser or opening the tab view. | |||||
| CVE-2015-2745 | 1 Mozilla | 1 Firefox Os | 2015-08-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishandled after a HOME button press or a Show Windows action, as demonstrated by embedding an arbitrary application or spoofing the account-creation page. | |||||