Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-4845 1 Stillbreathing 1 Bannerman 2015-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php.
CVE-2014-2244 1 Mediawiki 1 Mediawiki 2015-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.
CVE-2014-1407 1 Conceptronic 2 C54apm, C54apm Firmware 2015-08-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
CVE-2013-6674 1 Mozilla 3 Seamonkey, Thunderbird, Thunderbird Esr 2015-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
CVE-2014-8954 1 Codecanyon 1 Phpsound 2015-08-06 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php.
CVE-2014-8508 1 Denon 1 Avr-3313ci 2015-08-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname.
CVE-2014-8349 1 Liferay 1 Liferay Portal 2015-08-06 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.
CVE-2014-7295 1 Mediawiki 1 Mediawiki 2015-08-06 3.5 LOW N/A
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.
CVE-2014-5456 1 Social Stats Project 1 Social Stats 2015-08-06 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration.
CVE-2014-5417 1 Meinberg 8 Lantime M100, Lantime M200, Lantime M300 and 5 more 2015-08-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5408 1 Nordex 1 Nordex Control 2 Scada 2015-08-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2014-1648 1 Symantec 1 Messaging Gateway 2015-08-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.
CVE-2014-1899 1 Citrix 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware 2015-08-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1879 1 Phpmyadmin 1 Phpmyadmin 2015-08-05 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
CVE-2015-2870 1 Chiyutw 3 Bf-630, Bf-630w, Bf-660c 2015-08-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.
CVE-2014-3738 1 Zenoss 1 Zenoss 2015-08-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.
CVE-2014-3247 1 O-dyn 1 Collabtive 2015-08-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.
CVE-2014-2947 1 Bizagi 1 Business Process Management Suite 2015-08-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.
CVE-2014-2975 1 Silver-peak 1 Vx 2015-08-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
CVE-2014-2236 1 Askbot 1 Askbot 2015-07-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.
CVE-2014-2235 1 Askbot 1 Askbot 2015-07-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form.
CVE-2014-2080 1 Modx 1 Modx Revolution 2015-07-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.
CVE-2014-1971 1 Silexlabs 1 Silex 2015-07-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5013 1 Symantec 1 Web Gateway 2015-07-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors.
CVE-2014-1968 1 Riken 1 Xoonips 2015-07-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2639 1 Ctera 1 Cloud Storage Os 2015-07-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.
CVE-2014-5330 1 Birdblog 1 Birdblog 2015-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5331 1 Aptana 1 Aflax 2015-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5322 1 Filemaker 2 Filemaker Pro, Filemaker Pro Advanced 2015-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.
CVE-2013-1096 1 Novell 1 Identity Manager Roles Based Provisioning Module 2015-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId.
CVE-2013-6780 1 Yahoo 1 Yui 2015-07-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.
CVE-2015-2976 1 Research-artisan 1 Research Artisan Lite 2015-07-27 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis.
CVE-2013-7181 1 Fortinet 1 Fortiweb 2015-07-27 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CVE-2014-2670 1 Zohocorp 1 Manageengine Opstor 2015-07-24 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.
CVE-2014-0620 1 Technicolor 2 Tc7200, Tc7200 Firmware 2015-07-24 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.
CVE-2014-0341 1 Pivotx 1 Pivotx 2015-07-24 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl.
CVE-2014-0339 1 Webmin 1 Webmin 2015-07-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2014-0338 1 Watchguard 1 Fireware 2015-07-24 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter.
CVE-2014-0334 1 Cmsmadesimple 1 Cms Made Simple 2015-07-24 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.
CVE-2013-6175 1 Emc 1 Document Sciences Xpression 2015-07-22 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form.
CVE-2015-5529 1 Freereprintables 1 Articlefr 2015-07-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.
CVE-2015-0130 1 Ibm 5 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Quality Manager and 2 more 2015-07-20 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-5520 1 Orchardproject 1 Orchard 2015-07-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account.
CVE-2015-2969 1 Lemon-s Php 1 Simple Oekaki Bbs 2015-07-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to inject arbitrary web script or HTML via the oekakis parameter.
CVE-2015-5521 1 Blackcat-cms 1 Blackcat Cms 2015-07-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php.
CVE-2015-5455 1 Qualiteam 1 X-cart 2015-07-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/.
CVE-2014-9741 1 Esri 3 Arcgis For Desktop, Arcgis For Engine, Arcgis For Server 2015-07-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2850 1 Antlabs 6 Inngate Ig 3.01 E, Inngate Ig 3.10 E, Inngate Ig 3.10 M and 3 more 2015-07-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2014-3653 1 Theforeman 1 Foreman 2015-07-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.
CVE-2014-9739 1 Node Field Project 1 Node Field 2015-07-08 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.