Total
28117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1409 | 2 Commentluv, Wordpress | 2 Commentluv, Wordpress | 2014-03-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php. | |||||
| CVE-2014-2090 | 1 Ilias | 1 Ilias | 2014-03-03 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter. | |||||
| CVE-2014-2231 | 1 I-doit | 1 I-doit | 2014-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. | |||||
| CVE-2012-6608 | 1 Elastix | 1 Elastix | 2014-02-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter. | |||||
| CVE-2013-7288 | 1 Mybb | 1 Mybb | 2014-02-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. | |||||
| CVE-2013-7275 | 1 Mybb | 1 Mybb | 2014-02-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. | |||||
| CVE-2013-7317 | 1 Cs-cart | 1 Cs-cart | 2014-02-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf. | |||||
| CVE-2013-7289 | 1 Aphpkb | 1 Aphpkb | 2014-02-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) email, or (4) username parameter. | |||||
| CVE-2012-6633 | 1 Wordpress | 1 Wordpress | 2014-02-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. | |||||
| CVE-2013-4888 | 1 Springsignage | 1 Xibo | 2014-02-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. | |||||
| CVE-2013-0234 | 1 Elgg | 1 Elgg | 2014-02-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save. | |||||
| CVE-2014-0814 | 1 Phpmyfaq | 1 Phpmyfaq | 2014-02-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3933 | 1 Maxxmarketing | 1 Joomshopping | 2014-02-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name parameter to index.php. | |||||
| CVE-2011-3206 | 2 Redhat, Rhq-project | 2 Jboss Operations Network, Rhq | 2014-02-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1413 | 1 I-doit | 1 I-doit | 2014-02-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7182 | 1 Fortinet | 1 Fortios | 2014-02-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. | |||||
| CVE-2013-4383 | 2 Dennis Bruecke, Drupal | 2 Jquery Countdown, Drupal | 2014-02-04 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6033 | 1 Lexmark | 9 C52x, C53x, C920 and 6 more | 2014-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field. | |||||
| CVE-2013-2750 | 1 E107 | 1 E107 | 2014-01-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2010-5295 | 1 Wordpress | 1 Wordpress | 2014-01-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action. | |||||