Search
Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4602 | 1 Xen Carousel Plugin Project | 1 Xen Carousel | 2014-07-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel plugin 0.12.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) ajaxpath parameter. | |||||
| CVE-2014-4585 | 1 Mnt-tech | 1 Wp-facethumb | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php. | |||||
| CVE-2014-4584 | 1 Wp-easybooking Plugin Project | 1 Wp-easybooking | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter. | |||||
| CVE-2014-4583 | 1 Wp-contact Plugin Project | 1 Wp-contact-sidebar-widget | 2014-07-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) order_direction, (3) limit_start, (4) id, or (5) order parameter. | |||||
| CVE-2014-4575 | 1 Wikipop Plugin Project | 1 Wikipop | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2014-4564 | 1 Validated Plugin Project | 1 Validated Plugin | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter. | |||||
| CVE-2014-4556 | 1 Swipe Checkout For Eshop Project | 1 Swipe Checkout For Eshop | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. | |||||
| CVE-2014-4538 | 1 Malware Finder Plugin Project | 1 Malware Finder | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2014-4533 | 1 Geo Redirector Plugin Project | 1 Geo Redirector | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_id parameter. | |||||
| CVE-2014-4528 | 1 Fbpromotions Project | 1 Fbpromotions | 2014-07-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter. | |||||
| CVE-2014-4521 | 1 Diversesolutions | 1 Dsidxpress Idx Plugin | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2014-4518 | 1 D-coda | 1 Contactme | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter. | |||||
| CVE-2014-4516 | 1 Bic Media Widget Plugin | 1 Bic Media Widget | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter. | |||||
| CVE-2014-4513 | 1 Activehelper | 1 Activehelper Livehelp Live Chat | 2014-07-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter. | |||||
| CVE-2013-7003 | 1 Livezilla | 1 Livezilla | 2014-06-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. | |||||
| CVE-2014-2006 | 1 Intercom | 1 Web Kyukincho | 2014-06-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3841 | 2 Tech-banker, Wordpress | 2 Contact Bank, Wordpress | 2014-06-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-3842 | 1 Imember360 | 1 Imember360 | 2014-06-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter. | |||||
| CVE-2014-3846 | 1 Flyingcart | 1 Flying Cart | 2014-06-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php. | |||||
| CVE-2014-3923 | 1 Digitalzoomstudio | 1 Video Gallery | 2014-06-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/. | |||||
| CVE-2014-3921 | 1 Simple Popup Project | 1 Simple Popup | 2014-06-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter. | |||||
| CVE-2014-4309 | 1 Openfiler | 1 Openfiler | 2014-06-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML via the (2) MaxInstances, (3) PassivePorts, (4) Port, (5) ServerName, (6) TimeoutLogin, (7) TimeoutNoTransfer, or (8) TimeoutStalled parameter to admin/services_ftp.html; the (9) dns1 or (10) dns2 parameter to admin/system.html; the (11) newTgtName parameter to admin/volumes_iscsi_targets.html; the User-Agent HTTP header to (12) language.html, (13) login.html, or (14) password.html in account/; or the User-Agent HTTP header to (15) account_groups.html, (16) account_users.html, (17) services.html, (18) services_ftp.html, (19) services_iscsi_target.html, (20) services_rsync.html, (21) system_clock.html, (22) system_info.html, (23) system_ups.html, (24) volumes_editpartitions.html, or (25) volumes_iscsi_targets.html in admin/. | |||||
| CVE-2014-4160 | 1 Sap | 1 Netweaver Business Client | 2014-06-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. | |||||
| CVE-2014-4335 | 1 Barracudadrive | 1 Barracudadrive | 2014-06-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to rtl/protected/admin/ddns/. | |||||
| CVE-2014-4308 | 1 Nice | 1 Recording Express | 2014-06-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2) iframe.picker.statchannels.asp, (3) iframe.picker.channelgroups.asp, (4) iframe.picker.extensions.asp, (5) iframe.picker.licenseusergroups.asp, (6) iframe.picker.licenseusers.asp, (7) iframe.picker.lookup.asp, or (8) iframe.picker.marks.asp in _ifr/. | |||||
| CVE-2014-4302 | 1 Ham3d | 1 Ham3d Shop Engine | 2014-06-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
| CVE-2014-3876 | 1 Ulli Horlacher | 1 Fex | 2014-06-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc. | |||||
| CVE-2014-4032 | 1 Fiyo | 1 Fiyo Cms | 2014-06-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. | |||||
| CVE-2014-3840 | 1 Mayan-edms | 1 Mayan Edms | 2014-06-18 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form. | |||||
| CVE-2014-2502 | 1 Emc | 1 Rsa Adaptive Authentication Hosted | 2014-06-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4166 | 1 Shoutcast | 1 Dnas | 2014-06-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field. | |||||
| CVE-2014-3995 | 1 Reviewboard | 1 Djblets | 2014-06-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name. | |||||
| CVE-2014-2002 | 1 C-board Moyuku Project | 1 C-board Moyuku | 2014-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4161 | 1 Sap | 1 Supplier Relationship Management | 2014-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2012-3522 | 1 Qbnz | 1 Geshi | 2014-06-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4036 | 1 Impresscms | 1 Impresscms | 2014-06-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. | |||||
| CVE-2014-4033 | 1 Efrontlearning | 1 Efront | 2014-06-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php. | |||||
| CVE-2014-3974 | 1 Auracms | 1 Auracms | 2014-06-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter. | |||||
| CVE-2014-1998 | 1 N-i-agroinformatics | 1 Soy Cms | 2014-06-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3948 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2014-06-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3949 | 2 Jo Hasenau, Typo3 | 2 Gridelements, Typo3 | 2014-06-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3960 | 1 Opennms | 1 Opennms | 2014-06-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2353 | 1 Cogentdatahub | 1 Cogent Datahub | 2014-06-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3833 | 1 Owncloud | 1 Owncloud | 2014-06-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. | |||||
| CVE-2014-3832 | 1 Owncloud | 1 Owncloud | 2014-06-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. | |||||
| CVE-2012-5056 | 1 Owncloud | 1 Owncloud | 2014-06-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php. | |||||
| CVE-2014-2939 | 1 Alfresco | 1 Alfresco | 2014-06-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit. | |||||
| CVE-2012-5650 | 1 Apache | 1 Couchdb | 2014-05-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite. | |||||
| CVE-2013-2712 | 1 Krisonav | 1 Krisonav | 2014-05-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | |||||
| CVE-2014-3870 | 1 Bib2html Project | 1 Bib2html | 2014-05-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php. | |||||