Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8617 | 1 Fortinet | 1 Fortimail | 2015-11-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. | |||||
| CVE-2015-6372 | 1 Cisco | 1 Firepower Extensible Operating System | 2015-11-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614. | |||||
| CVE-2015-8233 | 1 Mayo Project | 1 Mayo | 2015-11-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings. | |||||
| CVE-2012-4437 | 1 Smarty | 1 Smarty | 2015-11-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception. | |||||
| CVE-2014-5212 | 1 Novell | 1 Edirectory | 2015-11-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. | |||||
| CVE-2015-8006 | 1 Pagetriage Project | 1 Pagetriage | 2015-11-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension for MediWiki allows remote attackers to inject arbitrary web script or HTML via the page title. | |||||
| CVE-2015-1995 | 1 Ibm | 1 Security Qradar Incident Forensics | 2015-11-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-3186 | 1 Apache | 1 Ambari | 2015-11-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. | |||||
| CVE-2015-8038 | 1 Fortinet | 1 Fortimanager Firmware | 2015-11-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. | |||||
| CVE-2015-8037 | 1 Fortinet | 1 Fortimanager Firmware | 2015-11-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory. | |||||
| CVE-2015-0594 | 1 Cisco | 2 Prime Lan Management Solution, Security Manager | 2015-11-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263. | |||||
| CVE-2015-0656 | 1 Cisco | 3 Network Analysis Module 2304, Network Analysis Module 2320, Network Analysis Module Firmware | 2015-11-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. | |||||
| CVE-2015-0655 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2015-11-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. | |||||
| CVE-2015-5670 | 1 Techno Project Japan | 1 Enisys Gw | 2015-10-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2224 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2015-10-29 | 4.3 MEDIUM | N/A |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2015-6494 | 1 Infinite Automation Systems | 1 Mango Automation | 2015-10-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6488 | 1 Rockwellautomation | 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware | 2015-10-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3970 | 1 Janitza | 5 Umg 508, Umg 509, Umg 511 and 2 more | 2015-10-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8671 | 1 Gwt Mobile Phonegap Showcase Project | 1 Gwt Mobile Phonegap Showcase | 2015-10-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field. | |||||
| CVE-2015-7822 | 1 Kentico | 1 Kentico Cms | 2015-10-22 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI. | |||||