Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5276 | 1 Pro Chat Rooms | 1 Text Chat Rooms | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.
|
|||||
| CVE-2014-8022 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.
|
|||||
| CVE-2015-2764 | 1 Websense | 1 Triton Ap Data | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog.
|
|||||
| CVE-2014-0046 | 1 Emberjs | 1 Ember.js | 2025-04-12 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.
|
|||||
| CVE-2014-2512 | 1 Emc | 1 Documentum Eroom | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-2334 | 1 Fortinet | 1 Fortianalyzer Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
|
|||||
| CVE-2012-1503 | 1 Sixapart | 1 Movable Type | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
|
|||||
| CVE-2014-4580 | 1 Wp Blipbot Project | 1 Wp Blipbot | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID parameter.
|
|||||
| CVE-2015-1917 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2015-0139 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2015-0738 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008.
|
|||||
| CVE-2015-2827 | 1 Broadcom | 1 Spectrum | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-4531 | 1 Game Tabs Project | 1 Game Tabs | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter.
|
|||||
| CVE-2012-6658 | 1 Spiceworks | 1 Spiceworks | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types.
|
|||||
| CVE-2014-8653 | 1 Compal Broadband Networks | 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.
|
|||||
| CVE-2014-2291 | 1 Juniper | 1 Ive Os | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-2006 | 1 Intercom | 1 Web Kyukincho | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-6692 | 1 Yoast | 1 Wordpress Seo | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_title parameter to wp-admin/post-new.php, which is not properly handled in the snippet preview functionality.
|
|||||
| CVE-2014-3758 | 1 Karlen Walter | 1 Si Bibtex | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality.
|
|||||
| CVE-2014-9017 | 1 Openkm | 1 Openkm | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
|
|||||
| CVE-2016-1230 | 1 Ntt | 1 Webarena Service Formmail | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-8296 | 1 Drupal | 1 Modal Frame | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-1000147 | 1 Recipes-writer Project | 1 Recipes-writer | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected XSS in wordpress plugin recipes-writer v1.0.4
|
|||||
| CVE-2014-6237 | 1 News Pack Project | 1 News Pack | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-0089 | 1 Theforeman | 1 Foreman | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
|
|||||
| CVE-2013-3487 | 2 Ait-pro, Wordpress | 2 Bulletproof-security, Wordpress | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.
|
|||||
| CVE-2015-5732 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.
|
|||||
| CVE-2015-6805 | 1 Medhabidotcom | 1 Mdc Private Message | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.
|
|||||
| CVE-2013-5939 | 1 Phpcms | 1 Guesbook Module | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php.
|
|||||
| CVE-2015-3361 | 1 Linkit Project | 1 Linkit | 2025-04-12 | 2.1 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title.
|
|||||
| CVE-2014-3548 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
|
|||||
| CVE-2014-2246 | 1 Siemens | 1 Simatic S7-1500 Cpu Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-4585 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.
|
|||||
| CVE-2012-5502 | 1 Plone | 1 Plone | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-6840 | 1 Huawei | 1 Oceanstor Ism | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors.
|
|||||
| CVE-2012-1417 | 1 Yealink | 14 Gigabit Color Ip Phone Sip-t32g, Gigabit Color Ip Phone Sip-t38g, Ip Phone Sip-t19p and 11 more | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
|
|||||
| CVE-2016-1000119 | 1 Huge-it | 1 Catalog | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
|
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
|
|||||
| CVE-2015-1906 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2015-5064 | 1 Mysql-lite-administrator Project | 1 Mysql-lite-administrator | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php.
|
|||||
| CVE-2014-10036 | 1 Jetbrains | 1 Teamcity | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
|
|||||