Total
28117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3134 | 1 Sap | 1 Businessobjects | 2014-05-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2854 | 1 Semantictitle Project | 1 Semantictitle | 2014-05-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5916 | 1 Bradesco Gateway Plugin Project | 1 Bradesco Gateway | 2014-05-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | |||||
| CVE-2014-3207 | 1 Sks Keyserver Project | 1 Sks Keyserver | 2014-05-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. | |||||
| CVE-2014-3123 | 1 Wpgetready | 1 Nextcellent Gallery | 2014-05-09 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field. | |||||
| CVE-2014-0149 | 1 Redhat | 1 Jboss Web Framework Kit | 2014-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. | |||||
| CVE-2014-2553 | 1 Otrs | 1 Otrs | 2014-05-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. | |||||
| CVE-2013-2504 | 1 Matrix42 | 1 Service Store | 2014-05-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2012-6514 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2014-05-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php. | |||||
| CVE-2014-2260 | 1 Ajenti | 1 Ajenti | 2014-05-01 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality. | |||||
| CVE-2013-7064 | 1 Freelance-it-consultant | 1 Eu Cookie Compliance | 2014-04-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values. | |||||
| CVE-2013-4722 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-04-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter. | |||||
| CVE-2013-3069 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2014-04-25 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page. | |||||
| CVE-2013-2025 | 1 Ushahidi | 1 Ushahidi Platform | 2014-04-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5956 | 1 Joomlaboat | 1 Com Youtubegallery | 2014-04-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter. | |||||
| CVE-2014-2393 | 1 Open-xchange | 1 Open-xchange Appsuite | 2014-04-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment. | |||||
| CVE-2012-6623 | 1 Vasthtml | 1 Forumpress | 2014-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php. | |||||
| CVE-2014-2890 | 1 Siege | 1 Phpmyid | 2014-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message. | |||||
| CVE-2014-2844 | 1 F-secure | 1 Secure Messaging Secure Gateway | 2014-04-21 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin. | |||||
| CVE-2013-2209 | 1 Reviewboard | 1 Review Board | 2014-04-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name. | |||||