Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6584 | 1 Sprymedia | 1 Datatables | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php. | |||||
| CVE-2015-5956 | 1 Typo3 | 1 Typo3 | 2018-10-09 | 3.5 LOW | N/A |
| The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. | |||||
| CVE-2015-6945 | 1 Jsp\/mysql Administrador Web Project | 1 Jsp\/mysql Administrador Web | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp. | |||||
| CVE-2015-5375 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties. | |||||
| CVE-2015-5066 | 1 Metalgenix | 1 Genixcms | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php. | |||||
| CVE-2015-4084 | 1 Free-counter | 1 Free Counter | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-6529 | 1 Phpipam | 1 Phpipam | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php. | |||||
| CVE-2015-4687 | 1 Ellucian | 1 Banner Student | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4427 | 1 Ektron | 1 Ektron Content Management System | 2018-10-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter. | |||||
| CVE-2015-2275 | 1 Wotlab | 1 Community Gallery | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy. | |||||
| CVE-2015-2195 | 1 Wp Media Cleaner Project | 1 Wp Media Cleaner | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php. | |||||
| CVE-2015-2223 | 1 Palo Alto Networks | 1 Traps | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request. | |||||
| CVE-2015-3443 | 1 Thycotic | 1 Secret Server | 2018-10-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask. | |||||
| CVE-2015-2072 | 1 Sap | 1 Hana | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. | |||||
| CVE-2015-3647 | 1 Wppa.opajaap | 1 Wp-photo-album-plus | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action. | |||||
| CVE-2015-2677 | 1 Ocportal | 1 Ocportal | 2018-10-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) the cms_polls page to cms/index.php or (4) a new topic in the topics page to forum/index.php; or (5) a new PT (private topic/private message) in the topics page to forum/index.php. | |||||
| CVE-2015-2702 | 1 Websense | 4 Triton Ap Data, Triton Ap Email, Triton Ap Web and 1 more | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email. | |||||
| CVE-2015-2840 | 1 Citrix | 1 Netscaler | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. | |||||
| CVE-2015-2351 | 1 Alkacon | 1 Opencms | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter to system/workplace/views/admin/admin-main.jsp, (4) mode parameter to system/workplace/views/explorer/explorer_files.jsp, or (5) query parameter in a search action to system/modules/org.opencms.workplace.help/elements/search.jsp. | |||||
| CVE-2015-2690 | 1 Digium | 1 Addons Module | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php. | |||||