Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10019 | 1 Mysimplifiedsql Project | 1 Mysimplifiedsql | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The patch is named 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595.
|
|||||
| CVE-2015-10013 | 1 Webdevstudios | 1 Taxonomy Switcher | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2015-10010 | 1 Cisco | 1 Openresolve | 2024-11-21 | 2.6 LOW | 3.1 LOW |
|
A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of thi ...
Show More |
|||||
| CVE-2015-10007 | 1 Weipdcrm Project | 1 Weipdcrm | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by t ...
Show More |
|||||
| CVE-2015-10006 | 1 Ingnovarq Project | 1 Ingnovarq | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172.
|
|||||
| CVE-2015-0749 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or ...
Show More |
|||||
| CVE-2014-9919 | 1 Bilboplanet | 1 Bilboplanet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
|
|||||
| CVE-2014-9918 | 1 Bilboplanet | 1 Bilboplanet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
|
|||||
| CVE-2014-9917 | 1 Bilboplanet | 1 Bilboplanet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
|
|||||
| CVE-2014-9615 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.
|
|||||
| CVE-2014-9608 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
|||||
| CVE-2014-9607 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
|||||
| CVE-2014-9606 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.ph ...
Show More |
|||||
| CVE-2014-9470 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search.
|
|||||
| CVE-2014-9405 | 1 Free | 1 Freebox Os | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.
|
|||||
| CVE-2014-9211 | 1 Clickdesk | 1 Clickdesk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ClickDesk version 4.3 and below has persistent cross site scripting
|
|||||
| CVE-2014-9126 | 1 Open-school | 1 Open-school | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php.
|
|||||
| CVE-2014-8944 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
|
|||||
| CVE-2014-8780 | 1 Jease | 1 Jease | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note.
|
|||||
| CVE-2014-8674 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
|
|||||
| CVE-2014-8597 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.
|
|||||
| CVE-2014-8490 | 1 Tennisconnect | 1 Components | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm.
|
|||||
| CVE-2014-8338 | 1 Videowhisper | 1 Webcam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.
|
|||||
| CVE-2014-7238 | 1 Formget | 1 Contact Form Integrated With Google Maps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS
|
|||||
| CVE-2014-6604 | 1 Subscribe2 Project | 1 Subscribe2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter.
|
|||||
| CVE-2014-6447 | 1 Juniper | 1 Junos | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1.
|
|||||
| CVE-2014-6420 | 1 Livefyre | 1 Livecomments | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.
|
|||||
| CVE-2014-6413 | 1 Watchguard | 1 Fireware Xtm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script.
|
|||||
| CVE-2014-6169 | 1 Ibm | 1 Forms Experience Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777.
|
|||||
| CVE-2014-6071 | 1 Jquery | 1 Jquery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
|
|||||
| CVE-2014-6027 | 1 Torrentflux Project | 1 Torrentflux | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details.
|
|||||
| CVE-2014-5500 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Synacor Zimbra Collaboration before 8.0.8 has XSS.
|
|||||
| CVE-2014-5069 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs.
|
|||||
| CVE-2014-5039 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-4932 | 1 Wordfence | 1 Wordfence Security | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php.
|
|||||
| CVE-2014-4913 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
|
|||||
| CVE-2014-4612 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-4592 | 1 Czepol | 1 Wp-planet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
|||||
| CVE-2014-4567 | 1 Videowhisper | 1 Video Comments Webcam Recorder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
|||||
| CVE-2014-4561 | 1 Ultimate-weather Project | 1 Ultimate-weather | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The ultimate-weather plugin 1.0 for WordPress has XSS
|
|||||