Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 34649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7307 1 Drupaldise 1 Cms Updater 2015-09-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page.
CVE-2015-7304 1 Drupaljedi 1 Amocrm 2015-09-23 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data.
CVE-2015-5992 1 Philippine Long Distance Telephone 4 Kasda Kw58293, Kasda Kw58293 Firmware, Speedsurf 504an and 1 more 2015-09-22 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter.
CVE-2015-7232 1 Structured Dynamics 1 Open Semantic Framework 2015-09-18 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6920 1 Sourceafrica Project 1 Sourceafrica 2015-09-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
CVE-2014-9475 1 Mediawiki 1 Mediawiki 2015-09-17 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.
CVE-2015-6969 1 S9y 1 Serendipity 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
CVE-2014-5088 1 Status2k 1 Status2k 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.
CVE-2014-4958 1 Telerik 1 Asp.net Ajax Radeditor Control 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes.
CVE-2014-4854 1 Smartcatdesign 1 Wp Contruction Mode 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php.
CVE-2014-3266 1 Cisco 1 Security Manager 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.
CVE-2014-2192 1 Cisco 1 Unified Web And E-mail Interaction Manager 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.
CVE-2014-2125 1 Cisco 1 Unity Connection 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.
CVE-2014-2118 1 Cisco 1 Prime Security Manager 2015-09-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.
CVE-2014-2114 1 Cisco 1 Emergency Responder 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.
CVE-2014-2104 1 Cisco 1 Unified Communications Domain Manager 2015-09-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.
CVE-2014-0735 1 Cisco 1 Unified Communications Manager 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.
CVE-2014-0723 1 Cisco 1 Unified Communications Manager 2015-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
CVE-2015-5630 1 Ntt-bp 1 Japan Connected-free Wi-fi 2015-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID.
CVE-2015-6466 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2015-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.