Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5002 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. | |||||
| CVE-2013-5583 | 1 Joomla | 1 Joomla\! | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2013-5094 | 1 Mcafee | 1 Vulnerability Manager | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter. | |||||
| CVE-2015-0343 | 1 Adobe | 1 Connect | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2013-5951 | 1 Extplorer | 1 Extplorer | 2016-12-31 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/. | |||||
| CVE-2013-2205 | 1 Wordpress | 1 Wordpress | 2016-12-31 | 4.3 MEDIUM | N/A |
| The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. | |||||
| CVE-2013-7250 | 1 Projectforge | 1 Projectforge | 2016-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java. | |||||
| CVE-2015-2960 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4135 | 1 Phpwind | 1 Phpwind | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2013-2031 | 2 Gentoo, Mediawiki | 2 Linux, Mediawiki | 2016-12-31 | 4.3 MEDIUM | N/A |
| MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. | |||||
| CVE-2013-4995 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information. | |||||
| CVE-2013-5005 | 1 Tripwire | 1 Tripwire Enterprise | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters. | |||||
| CVE-2013-7258 | 1 Web2ldap | 1 Web2ldap | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI." | |||||
| CVE-2015-0344 | 1 Adobe | 1 Connect | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7368 | 1 Raoul Proenca | 1 Gnew | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php. | |||||
| CVE-2016-2934 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1978 | 1 Ibm | 1 Tivoli Directory Server | 2016-12-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-9681 | 1 S9y | 1 Serendipity | 2016-12-30 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name. | |||||
| CVE-2015-4198 | 1 Cisco | 1 Web Security Appliance | 2016-12-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409. | |||||