Total
36870 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8674 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code. | |||||
CVE-2014-8597 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel. | |||||
CVE-2014-8490 | 1 Tennisconnect | 1 Components | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm. | |||||
CVE-2014-8338 | 1 Videowhisper | 1 Webcam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | |||||
CVE-2014-7238 | 1 Formget | 1 Contact Form Integrated With Google Maps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS | |||||
CVE-2014-6604 | 1 Subscribe2 Project | 1 Subscribe2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. | |||||
CVE-2014-6447 | 1 Juniper | 1 Junos | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. | |||||
CVE-2014-6420 | 1 Livefyre | 1 Livecomments | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | |||||
CVE-2014-6413 | 1 Watchguard | 1 Fireware Xtm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | |||||
CVE-2014-6169 | 1 Ibm | 1 Forms Experience Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777. | |||||
CVE-2014-6071 | 1 Jquery | 1 Jquery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | |||||
CVE-2014-6027 | 1 Torrentflux Project | 1 Torrentflux | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details. | |||||
CVE-2014-5500 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Synacor Zimbra Collaboration before 8.0.8 has XSS. | |||||
CVE-2014-5069 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs. | |||||
CVE-2014-5039 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-4932 | 1 Wordfence | 1 Wordfence Security | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php. | |||||
CVE-2014-4913 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ZF2014-03 has a potential cross site scripting vector in multiple view helpers | |||||
CVE-2014-4612 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-4592 | 1 Czepol | 1 Wp-planet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
CVE-2014-4567 | 1 Videowhisper | 1 Video Comments Webcam Recorder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. |