Total
28677 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9243 | 1 Websitebaker | 1 Websitebaker | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/. | |||||
| CVE-2014-3678 | 1 Jenkins-ci | 1 Monitoring Plugin | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4853 | 1 Opendocman | 1 Opendocman | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. | |||||
| CVE-2013-3087 | 1 Belkin | 1 N900 | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk parameter to wl_guest.html. | |||||
| CVE-2014-4301 | 1 Ajenti | 1 Ajenti | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page. | |||||
| CVE-2013-6301 | 1 Ibm | 1 Algo One | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6320, and CVE-2013-6333. | |||||
| CVE-2014-8110 | 1 Apache | 1 Activemq | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4582 | 1 Wp Consultant Project | 1 Wp Consultant | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter. | |||||
| CVE-2014-3832 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. | |||||
| CVE-2014-5317 | 1 Php365 | 4 365 Links, 365 Links2, 365 Links\+ and 1 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-5193 | 2 Phpace, Wordpress | 2 Samswhois, Wordpress | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194. | |||||
| CVE-2012-3528 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1606 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2630 | 1 Broadcom | 1 Service Desk Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2012-6458 | 1 Silverstripe | 1 Silverstripe | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php. | |||||
| CVE-2013-5504 | 1 Cisco | 1 Identity Services Engine Software | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266. | |||||
| CVE-2013-0324 | 2 Drupal, Tomasbarej | 2 Drupal, Menu Reference | 2024-02-04 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title. | |||||
| CVE-2013-4676 | 1 Symantec | 1 Backup Exec | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console. | |||||
| CVE-2013-5379 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality. | |||||
| CVE-2012-2916 | 2 Dlo, Wordpress | 2 Simple Anti Bot Registration Engine Plugin, Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php. | |||||