Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4954 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. | |||||
| CVE-2014-4848 | 1 Blogstand Banner Plugin Project | 1 Blogstand-smart-banner | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php. | |||||
| CVE-2014-5317 | 1 Php365 | 4 365 Links, 365 Links2, 365 Links\+ and 1 more | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4847 | 1 Buffercode | 1 Random Banner | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php. | |||||
| CVE-2014-4846 | 1 Matchalabs | 1 Metaslider | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php. | |||||
| CVE-2014-4645 | 1 D-link | 1 Dsl-2760u-e1 | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. | |||||
| CVE-2014-4603 | 2 Wordpress, Yahoo\! Updates For Wordpress Plugin Project | 2 Wordpress, Yahoo\! Updates For Wordpress Plugin | 2015-09-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter. | |||||
| CVE-2014-4598 | 1 Wp-tmkm-amazon Project | 1 Wp-tmkm-amazon | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter. | |||||
| CVE-2014-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-02 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. | |||||
| CVE-2014-4348 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-02 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables. | |||||
| CVE-2014-4189 | 1 Hitachi | 2 Jp1\/performance Management-manager Web Option, Tuning Manager | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3892 | 1 Nexatechnologies | 1 Meridian | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3933 | 1 Newsignature | 1 Addressfield Tokens | 2015-09-02 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field. | |||||
| CVE-2015-6753 | 1 Quick Edit Project | 1 Quick Edit | 2015-09-01 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title. | |||||
| CVE-2015-6754 | 1 Path Breadcrumbs Project | 1 Path Breadcrumbs | 2015-09-01 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6752 | 1 Search Api Autocomplete Project | 1 Search Api Autocomplete | 2015-09-01 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions. | |||||
| CVE-2014-3148 | 1 Ok Web Server Project | 1 Ok Web Server | 2015-09-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page. | |||||
| CVE-2014-2329 | 1 Check Mk Project | 1 Check Mk | 2015-09-01 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors. | |||||
| CVE-2014-3878 | 1 Ipswitch | 1 Imail Server | 2015-08-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. | |||||
| CVE-2014-4710 | 1 Aas9 | 1 Zerocms | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field. | |||||
| CVE-2014-4596 | 1 Snapapp Project | 1 Snapapp | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter. | |||||
| CVE-2014-4587 | 1 Wp Guestmap Project | 1 Wp Guestmap Project | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php. | |||||
| CVE-2014-4594 | 1 Wordpress Responsive Preview Project | 1 Wordpress Responsive Preview | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-4571 | 1 Vn-calendar Project | 1 Vn-calendar | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter. | |||||
| CVE-2014-4570 | 1 Videowhisper | 1 Video Presentation | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/. | |||||
| CVE-2014-4569 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. | |||||
| CVE-2014-4545 | 1 Pro Quoter Plugin Project | 1 Pro Quoter | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter. | |||||
| CVE-2014-4549 | 1 Woocommerce Sagepay Direct Payment Gateway Project | 1 Woocommerce Sagepay Direct Payment Gateway | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. | |||||
| CVE-2014-4554 | 1 Ss Downloads Project | 1 Ss Downloads | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2014-4543 | 1 Pay Per Media Player Project | 1 Pay Per Media Player | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter. | |||||
| CVE-2014-4520 | 1 Dmca | 1 Dmca Watermarker | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter. | |||||
| CVE-2014-4515 | 1 Anyfont Plugin Project | 1 Anyfont | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||||
| CVE-2014-4037 | 1 Ckeditor | 1 Fckeditor | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000. | |||||
| CVE-2014-4023 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8987 | 1 Mantisbt | 1 Mantisbt | 2015-08-25 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986. | |||||
| CVE-2015-0298 | 1 Redhat | 1 Mod Cluster | 2015-08-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. | |||||
| CVE-2012-3507 | 1 Roundcube | 1 Webmail | 2015-08-24 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject. | |||||
| CVE-2015-2982 | 1 Php Kobo | 1 Photo Gallery Cms Free | 2015-08-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php. | |||||
| CVE-2012-6121 | 1 Roundcube | 1 Webmail | 2015-08-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link. | |||||
| CVE-2015-4294 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2015-08-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. | |||||
| CVE-2015-4292 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2015-08-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818. | |||||
| CVE-2015-6528 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2015-08-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. | |||||
| CVE-2015-5513 | 1 Niif | 1 Shibboleth Authentication | 2015-08-20 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. | |||||
| CVE-2015-5514 | 1 Migrate Project | 1 Migrate | 2015-08-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label. | |||||
| CVE-2015-5500 | 1 Navigate Project | 1 Navigate | 2015-08-20 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5497 | 1 Web Links Project | 1 Web Links | 2015-08-20 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5495 | 1 Mobile Sliding Menu Project | 1 Mobile Sliding Menu | 2015-08-20 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5492 | 1 Video Consultation Project | 1 Video Consultation | 2015-08-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6515 | 1 Splunk | 1 Splunk | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. | |||||
| CVE-2015-6514 | 1 Splunk | 1 Splunk | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||