Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4576 | 1 Wordpress Social Login Project | 1 Wordpress Social Login | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter. | |||||
| CVE-2014-4537 | 1 Keyword Strategy Internal Links Project | 1 Keyword Strategy Internal Links | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir parameter. | |||||
| CVE-2014-4540 | 1 Oleggo Livestream Project | 1 Oleggo Livestream | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_login_form.php in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2014-4541 | 1 Omfg Mobile Project | 1 Omfg Mobile | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. | |||||
| CVE-2014-4597 | 1 Wp Social Invitations Project | 1 Wp Social Invitations | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 1.4.4.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter. | |||||
| CVE-2014-4542 | 1 Ooorl Project | 1 Ooorl | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-4547 | 1 Rezgo | 1 Online Booking | 2014-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter. | |||||
| CVE-2014-4591 | 1 Wp Picasa Image Project | 1 Wp Picasa Image | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. | |||||
| CVE-2014-3991 | 1 Dolibarr | 1 Dolibarr | 2014-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php. | |||||
| CVE-2014-4908 | 1 Pnp4nagios | 1 Pnp4nagios | 2014-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper handling within an http-equiv="refresh" META element. | |||||
| CVE-2014-4856 | 1 Polldaddy Polls \& Ratings Plugin Project | 1 Polldaddy Polls \& Ratings | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-4855 | 1 Polylang Plugin Project | 1 Polylang | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-4853 | 1 Opendocman | 1 Opendocman | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. | |||||
| CVE-2014-4579 | 1 Wp Appointments Schedules Project | 1 Wp Appointments Schedules | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2014-4588 | 1 Hot Files\ | 1 File Sharing And Download Manager Project | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter. | |||||
| CVE-2014-4593 | 1 Wp Plugin Manager Project | 1 Wp Plugin Manager | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | |||||
| CVE-2014-4601 | 1 Wu-rating Project | 1 Wu-rating | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parameter. | |||||
| CVE-2014-4849 | 1 Foecms | 1 Foecms | 2014-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter. | |||||
| CVE-2014-2963 | 1 Liferay | 1 Liferay Portal | 2014-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter. | |||||
| CVE-2014-4552 | 1 Spotlightyour | 1 Spotlightyour | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter. | |||||
| CVE-2014-4551 | 1 Social Connect Project | 1 Social Connect | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter. | |||||
| CVE-2014-4572 | 1 Votecount For Balatarin Project | 1 Votecount For Balatarin | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter. | |||||
| CVE-2014-4573 | 1 Walk Score Project | 1 Walk Score | 2014-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) o parameter. | |||||
| CVE-2014-4557 | 1 Jigoshop | 1 Swipe Hq Checkout For Jigoshop | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for Jigoshop (swipe-hq-checkout-for-jigoshop) plugin 3.1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. | |||||
| CVE-2014-4560 | 1 Toolpage Project | 1 Toolpage | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parameter. | |||||
| CVE-2014-4581 | 1 Wpcb Project | 1 Wpcb | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in facture.php in the WPCB plugin 2.4.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2014-4566 | 1 Verweise-wordpress-twitter Project | 1 Verweise-wordpress-twitter | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php in the "verwei.se - WordPress - Twitter" (verweise-wordpress-twitter) plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. | |||||
| CVE-2014-4568 | 1 Videowhisper | 1 Video Posts Webcam Recorder | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2014-4742 | 1 Kajona | 1 Kajona | 2014-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php. | |||||
| CVE-2014-4578 | 1 Wp App Maker Project | 1 Wp App Maker | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter. | |||||
| CVE-2014-4580 | 1 Wp Blipbot Project | 1 Wp Blipbot | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID parameter. | |||||
| CVE-2014-4590 | 1 Wp Microblogs Project | 1 Wp Microblogs | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier parameter. | |||||
| CVE-2014-4582 | 1 Wp Consultant Project | 1 Wp Consultant | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter. | |||||
| CVE-2014-4595 | 1 Wp Restful Project | 1 Wp Restful | 2014-07-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php. | |||||
| CVE-2014-4600 | 2 Wordpress, Wp Ultimate Email Marketer Project | 2 Wordpress, Wp Ultimate Email Marketer | 2014-07-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter. | |||||
| CVE-2014-4599 | 1 Wp-business Directory Project | 1 Wp-business Directory | 2014-07-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter. | |||||
| CVE-2014-4604 | 1 Your-text-manager Project | 1 Your-text-manager | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter. | |||||
| CVE-2014-4605 | 1 Zdstatistics Project | 1 Zdstatistics | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStatistics (zdstats) plugin 2.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2014-4606 | 1 Zeenshare Project | 1 Zeenshare | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the zs_sid parameter. | |||||
| CVE-2014-4546 | 1 Rezgo Project | 1 Rezgo | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the response parameter. | |||||
| CVE-2014-4555 | 1 Style It Project | 1 Style It | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | |||||
| CVE-2014-4534 | 2 Html5 Video Player With Playlist Plugin Project, Wordpress | 2 Html5 Video Player With Playlist Plugin, Wordpress | 2014-07-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter. | |||||
| CVE-2014-4565 | 1 Verification Code For Comments Project | 1 Verification Code For Comments | 2014-07-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter. | |||||
| CVE-2014-4563 | 1 Url Cloak \& Encrypt Project | 1 Url Cloak \& Encrypt | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-4195 | 1 Aas9 | 1 Zerocms | 2014-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the article_id parameter. | |||||
| CVE-2014-4723 | 1 Easy Banners Plugin Project | 1 Easy Banners | 2014-07-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to wp-admin/options-general.php. | |||||
| CVE-2014-0176 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2014-07-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4719 | 1 Usvn | 1 User-friendly Svn | 2014-07-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login panel (svn/login/) in User-Friendly SVN (aka USVN) before 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the username field. | |||||
| CVE-2014-3492 | 1 Theforeman | 1 Foreman | 2014-07-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host. | |||||
| CVE-2014-3491 | 1 Theforeman | 1 Foreman | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes. | |||||