Total
28755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5855 | 1 Oracle | 1 Mojarra | 2024-02-04 | 4.3 MEDIUM | N/A |
| Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors. | |||||
| CVE-2014-2670 | 1 Zohocorp | 1 Manageengine Opstor | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344. | |||||
| CVE-2014-8954 | 1 Codecanyon | 1 Phpsound | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. | |||||
| CVE-2014-5235 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds. | |||||
| CVE-2014-0531 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533. | |||||
| CVE-2013-6726 | 1 Ibm | 1 Tririga Application Platform | 2024-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0828 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-100037 | 1 Storytlr | 1 Storytlr | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/. | |||||
| CVE-2015-1575 | 1 Yuba | 1 U5cms | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php. | |||||
| CVE-2014-4543 | 1 Pay Per Media Player Project | 1 Pay Per Media Player | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter. | |||||
| CVE-2014-6113 | 1 Ibm | 1 Tivoli Endpoint Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4189 | 1 Hitachi | 2 Jp1\/performance Management-manager Web Option, Tuning Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8658 | 1 Refinedwiki | 1 Refinedwiki Original Theme | 2024-02-04 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action. | |||||
| CVE-2014-0670 | 1 Cisco | 1 Mediasense | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686. | |||||
| CVE-2014-5188 | 1 Lyris | 1 List Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter. | |||||
| CVE-2014-8902 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-8381 | 1 Megapolis | 1 Megapolis.portal Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter. | |||||
| CVE-2014-4542 | 1 Ooorl Project | 1 Ooorl | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-4604 | 1 Your-text-manager Project | 1 Your-text-manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter. | |||||
| CVE-2014-6137 | 1 Ibm | 1 Tivoli Endpoint Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||