Total
28752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3550 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task. | |||||
| CVE-2014-2120 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. | |||||
| CVE-2014-2026 | 1 Unitedplanet | 1 Intrexx | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | |||||
| CVE-2014-9580 | 1 Projectsend | 1 Projectsend | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information. | |||||
| CVE-2014-0362 | 1 Google | 1 Search Appliance Software | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element. | |||||
| CVE-2014-4946 | 1 Horde | 2 Groupware, Internet Mail Program | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view. | |||||
| CVE-2014-4598 | 1 Wp-tmkm-amazon Project | 1 Wp-tmkm-amazon | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter. | |||||
| CVE-2014-1968 | 1 Riken | 1 Xoonips | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5105 | 1 Ol-commerce Project | 1 Ol-commerce | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php. | |||||
| CVE-2015-1566 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0338 | 1 Watchguard | 1 Fireware | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter. | |||||
| CVE-2014-5193 | 1 Sphider | 1 Sphider | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082. | |||||
| CVE-2011-5297 | 1 Ttfreeware | 1 Tigertoms Chat Room | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chat_form.php. | |||||
| CVE-2015-1050 | 1 F5 | 1 Big-ip Application Security Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account. | |||||
| CVE-2014-4032 | 1 Fiyo | 1 Fiyo Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. | |||||
| CVE-2014-3474 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. | |||||
| CVE-2014-3943 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters. | |||||
| CVE-2015-2275 | 1 Wotlab | 1 Community Gallery | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy. | |||||
| CVE-2014-8303 | 1 Splunk | 1 Splunk | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing. | |||||
| CVE-2015-0714 | 1 Cisco | 1 Finesse | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595. | |||||