Total: 6403 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1363 | 1 Freereprintables | 1 Articlefr | 2015-01-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/. | |||||
| CVE-2015-1373 | 1 Ferretcms Project | 1 Ferretcms | 2015-01-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action. | |||||
| CVE-2015-1347 | 1 Osticket | 1 Osticket | 2015-01-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2015-1028 | 1 D-link | 2 Dsl-2730b, Dsl-2730b Firmware | 2015-01-26 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). | |||||
| CVE-2014-4514 | 1 Alipay Project | 1 Alipay | 2015-01-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function. | |||||
| CVE-2015-1204 | 1 Getusedtoit | 1 Wp Slimstat | 2015-01-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php. | |||||
| CVE-2015-0553 | 1 Websitebaker | 1 Websitebaker | 2015-01-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. | |||||
| CVE-2015-0862 | 1 Pivotal Software | 1 Rabbitmq Management | 2015-01-20 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content. | |||||
| CVE-2014-9480 | 1 Mediawiki | 1 Mediawiki | 2015-01-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts. | |||||
| CVE-2014-9479 | 1 Mediawiki | 1 Mediawiki | 2015-01-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox. | |||||
| CVE-2014-9478 | 1 Mediawiki | 1 Mediawiki | 2015-01-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page. | |||||
| CVE-2014-9477 | 1 Mediawiki | 1 Mediawiki | 2015-01-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter. | |||||
| CVE-2014-9561 | 1 Softbb | 1 Softbb | 2015-01-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter. | |||||
| CVE-2015-1052 | 1 Phpkit | 1 Phpkit | 2015-01-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php. | |||||
| CVE-2015-1040 | 1 Bedita | 1 Bedita | 2015-01-15 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view. | |||||
| CVE-2015-1039 | 1 Zfcuser Project | 1 Zfcuser | 2015-01-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | |||||
| CVE-2014-10035 | 1 Couponphp | 1 Couponphp | 2015-01-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php. | |||||
| CVE-2014-100037 | 1 Storytlr | 1 Storytlr | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/. | |||||
| CVE-2014-100021 | 1 Orangehrm | 1 Orangehrm | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter. | |||||
| CVE-2014-100018 | 1 Unconfirmed Project | 1 Unconfirmed | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php. | |||||
| CVE-2014-9507 | 1 Mediawiki | 1 Mediawiki | 2015-01-14 | 2.6 LOW | N/A |
| MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. | |||||
| CVE-2014-10028 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. | |||||
| CVE-2014-9500 | 1 Moip Project | 1 Moip | 2015-01-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback. | |||||
| CVE-2014-9501 | 1 Poll Chart Block Project | 1 Poll Chart Block | 2015-01-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title. | |||||
| CVE-2014-9498 | 1 Webform Invitation Project | 1 Webform Invitation | 2015-01-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2013-7419 | 1 Joomlaskin | 1 Js Multi Hotel | 2015-01-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the roomid parameter. | |||||
| CVE-2014-9582 | 1 Codiad | 1 Codiad | 2015-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | |||||
| CVE-2015-0918 | 1 Sefrengo | 1 Sefrengo | 2015-01-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. | |||||
| CVE-2015-0917 | 1 Kajona | 1 Kajona | 2015-01-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. | |||||
| CVE-2014-8376 | 1 Site Banner Project | 1 Site Banner | 2015-01-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings. | |||||
| CVE-2014-4517 | 1 Cbi Referral Manager Project | 1 Cbi Referral Manager | 2015-01-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter. | |||||
| CVE-2014-3628 | 1 Apache | 1 Solr | 2015-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. | |||||
| CVE-2014-9518 | 1 D-link | 2 Dir-655, Dir-655 Firmware | 2015-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter. | |||||
| CVE-2014-9516 | 1 Social Microblogging Pro Project | 1 Social Microblogging Pro | 2015-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section. | |||||
| CVE-2014-9446 | 1 Koha | 1 Koha | 2015-01-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl. | |||||
| CVE-2014-9444 | 1 Frontend Uploader Project | 1 Frontend Uploader | 2015-01-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI. | |||||
| CVE-2014-9443 | 1 Relevanssi | 1 Relevanssi | 2015-01-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-9434 | 1 Absolutengine | 1 Absolut Engine | 2015-01-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2014-7293 | 1 Nyu | 1 Opensso Integration | 2015-01-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2010-5316 | 1 Basic-cms | 1 Sweetrice | 2015-01-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie. | |||||
| CVE-2010-5314 | 1 Chialab & Channelweb | 1 Bedita | 2015-01-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index. | |||||
| CVE-2014-8752 | 1 Jce-tech | 1 Video Niche Script | 2015-01-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter. | |||||
| CVE-2014-9325 | 1 Twiki | 1 Twiki | 2015-01-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences. | |||||
| CVE-2014-9367 | 1 Twiki | 1 Twiki | 2015-01-03 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch. | |||||
| CVE-2011-5304 | 1 Sodahead | 1 Sodahead Polls | 2015-01-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) the poll_id parameter to customizer.php or (2) the customize parameter to poll.php. | |||||
| CVE-2011-5303 | 1 Clausmuus | 1 Spitfire | 2015-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject arbitrary web script or HTML via a cms_username cookie. | |||||
| CVE-2011-5296 | 1 Tuttophp | 1 Happy Chat | 2015-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. | |||||
| CVE-2011-5287 | 1 Hesk | 1 Hesk | 2015-01-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) inc/assignment_search.inc.php, (4) inc/attachments.inc.php, (5) inc/common.inc.php, (6) inc/database.inc.php, (7) inc/prepare_ticket_search.inc.php, (8) inc/print_tickets.inc.php, (9) inc/show_admin_nav.inc.php, (10) inc/show_search_form.inc.php, or (11) inc/ticket_list.inc.php; or (12) the PATH_INFO to language/en/text.php. | |||||
| CVE-2011-5301 | 1 Kubelabs | 1 Phpdug | 2015-01-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the story_url parameter to add_story.php, (2) the email parameter to editprofile.php, (3) the title parameter to adm/content_add.php, or (4) the username parameter to adm/admin_edit.php. | |||||
| CVE-2011-5299 | 1 Pommo | 1 Pommo-ardvark | 2015-01-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php. | |||||
