Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9179 | 1 Supportezzy Ticket System Project | 1 Supportezzy Ticket System | 2014-12-03 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket. | |||||
| CVE-2014-9182 | 1 Anchorcms | 1 Anchor Cms | 2014-12-03 | 4.3 MEDIUM | N/A |
| models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. | |||||
| CVE-2014-3988 | 1 Sunhater | 1 Kcfinder | 2014-12-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file. | |||||
| CVE-2014-9153 | 1 Services Project | 1 Services | 2014-12-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response. | |||||
| CVE-2014-9098 | 1 Apptha | 1 Contus Video Gallery | 2014-11-28 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php. | |||||
| CVE-2014-9100 | 1 Whydowork Adsense Project | 1 Whydowork Adsense | 2014-11-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php. | |||||
| CVE-2014-5326 | 1 Directwebremoting | 1 Direct Web Remoting | 2014-11-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-7248 | 1 Ipa | 1 Ilogscanner | 2014-11-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. | |||||
| CVE-2014-6623 | 1 Arubanetworks | 1 Clearpass | 2014-11-10 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors. | |||||
| CVE-2014-6620 | 1 Arubanetworks | 1 Clearpass | 2014-11-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8667 | 1 Sap | 1 Hana Web-based Development Workbench | 2014-11-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8622 | 1 Compfight Project | 1 Compfight | 2014-11-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. | |||||
| CVE-2014-4586 | 1 Wp-football Project | 1 Wp-football | 2014-10-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an "action" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php. | |||||
| CVE-2014-5169 | 1 Date Project | 1 Date | 2014-10-24 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title. | |||||
| CVE-2014-8364 | 1 Tim Rohrer | 1 Wordpress Spreadsheet Plugin | 2014-10-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter. | |||||
| CVE-2014-3830 | 1 Tomatocart | 1 Tomatocart | 2014-10-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter. | |||||
| CVE-2014-8365 | 1 Xornic | 1 Contact Us | 2014-10-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable. | |||||
| CVE-2014-8303 | 1 Splunk | 1 Splunk | 2014-10-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing. | |||||
| CVE-2014-8302 | 1 Splunk | 1 Splunk | 2014-10-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard. | |||||
| CVE-2014-8301 | 1 Splunk | 1 Splunk | 2014-10-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header. | |||||