Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Angry Yack Logo
Total 42233 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2335 1 Fortinet 1 Fortianalyzer Firmware 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
CVE-2015-7370 1 Revive-adserver 1 Revive Adserver 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter.
CVE-2014-10003 1 Maian Script World 1 Maian Uploader 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.
CVE-2014-9517 1 Dlink 2 Dcs-2103, Dcs-2103 Firmware 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.
CVE-2015-4198 1 Cisco 1 Web Security Appliance 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.
CVE-2014-9580 1 Projectsend 1 Projectsend 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information.
CVE-2014-0874 1 Ibm 1 Content Navigator 2025-04-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.
CVE-2015-7997 1 Citrix 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1603 1 Adminsystems Cms Project 1 Adminsystems Cms 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php.
CVE-2015-6753 1 Quick Edit Project 1 Quick Edit 2025-04-12 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title.
CVE-2016-7463 1 Vmware 1 Esxi 2025-04-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.
CVE-2015-6584 1 Sprymedia 1 Datatables 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.
CVE-2016-1173 1 Hiniarata 1 Casebook Plugin 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1298 1 Cisco 1 Unified Contact Center Express 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.
CVE-2015-0193 1 Ibm 2 Business Process Manager, Websphere 2025-04-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition.
CVE-2015-1032 1 Kiwix 1 Kiwix 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search.
CVE-2014-4032 1 Fiyo 1 Fiyo Cms 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field.
CVE-2015-1041 1 E107 1 E107 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING.
CVE-2016-1937 2 Mozilla, Opensuse 3 Firefox, Leap, Opensuse 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.
CVE-2012-1600 2 Opensuse, Phppgadmin Project 2 Opensuse, Phppgadmin 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.
CVE-2013-1409 2 Commentluv, Wordpress 2 Commentluv, Wordpress 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.
CVE-2016-5099 2 Opensuse, Phpmyadmin 2 Opensuse, Phpmyadmin 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.
CVE-2014-9004 1 Vld Interactive 1 Vldpersonals 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.
CVE-2015-6809 1 Bedita 1 Bedita 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
CVE-2015-2531 1 Microsoft 2 Lync Server, Skype For Business Server 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."
CVE-2016-0390 1 Ibm 1 Algo One 2025-04-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-3274 1 Moodle 1 Moodle 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.
CVE-2014-4529 2 Flash Photo Gallery Project, Wordpress 2 Flash Photo Gallery, Wordpress 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2014-2553 1 Otrs 1 Otrs 2025-04-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.
CVE-2014-3013 1 Ibm 1 Curam Social Program Management 2025-04-12 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.
CVE-2015-7252 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
CVE-2015-6061 1 Microsoft 3 Lync, Lync Room System, Skype For Business 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information Disclosure Vulnerability."
CVE-2015-0176 1 Ibm 1 Websphere Mq 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.
CVE-2016-2954 1 Ibm 1 Connections 2025-04-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008.
CVE-2016-4170 1 Adobe 1 Experience Manager 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3025 1 Ibm 11 Maximo Asset Management, Maximo Asset Management Essentials, Maximo For Government and 8 more 2025-04-12 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp fil ...

Show More
CVE-2015-4260 1 Cisco 1 Hosted Collaboration Solution 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14862.
CVE-2013-7341 2 Flowplayer, Moodle 2 Flowplayer Flash, Moodle 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
CVE-2014-7183 1 Litecart 1 Litecart 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
CVE-2012-1302 1 Ammap Project 1 Ammap 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.