Vulnerabilities (CVE)

Filtered by CWE-79
Total 36870 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8674 1 Soplanning 1 Soplanning 2024-11-21 3.5 LOW 5.4 MEDIUM
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
CVE-2014-8597 1 Php-fusion 1 Phpfusion 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.
CVE-2014-8490 1 Tennisconnect 1 Components 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm.
CVE-2014-8338 1 Videowhisper 1 Webcam 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.
CVE-2014-7238 1 Formget 1 Contact Form Integrated With Google Maps 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS
CVE-2014-6604 1 Subscribe2 Project 1 Subscribe2 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter.
CVE-2014-6447 1 Juniper 1 Junos 2024-11-21 5.8 MEDIUM 7.1 HIGH
Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1.
CVE-2014-6420 1 Livefyre 1 Livecomments 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.
CVE-2014-6413 1 Watchguard 1 Fireware Xtm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script.
CVE-2014-6169 1 Ibm 1 Forms Experience Builder 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777.
CVE-2014-6071 1 Jquery 1 Jquery 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
CVE-2014-6027 1 Torrentflux Project 1 Torrentflux 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details.
CVE-2014-5500 1 Synacor 1 Zimbra Collaboration Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Synacor Zimbra Collaboration before 8.0.8 has XSS.
CVE-2014-5069 1 Microsemi 2 S350i, S350i Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs.
CVE-2014-5039 1 Eucalyptus 1 Eucalyptus Management Console 2024-11-21 6.8 MEDIUM 9.6 CRITICAL
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4932 1 Wordfence 1 Wordfence Security 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php.
CVE-2014-4913 2 Debian, Zend 2 Debian Linux, Zend Framework 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
CVE-2014-4612 1 Coppermine-gallery 1 Coppermine Photo Gallery 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4592 1 Czepol 1 Wp-planet 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2014-4567 1 Videowhisper 1 Video Comments Webcam Recorder 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter.