Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8330 | 1 Espocrm | 1 Espocrm | 2014-10-22 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account. | |||||
| CVE-2014-6312 | 1 Login Widget With Shortcode Project | 1 Login Widget With Shortcode | 2014-10-22 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php. | |||||
| CVE-2014-8765 | 1 Drupal | 1 Project Issue File Review | 2014-10-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page. | |||||
| CVE-2014-6313 | 1 Woothemes | 1 Woocommerce Plugin | 2014-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php. | |||||
| CVE-2014-7200 | 1 Kevin Renskers | 1 Dmmjobcontrol | 2014-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/. | |||||
| CVE-2014-8293 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2014-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php. | |||||
| CVE-2014-8069 | 1 Yootheme | 1 Pagekit | 2014-10-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2) PATH_INFO to index.php. | |||||
| CVE-2014-8304 | 1 In-portal | 1 In-portal | 2014-10-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php. | |||||
| CVE-2014-5273 | 1 Phpmyadmin | 1 Phpmyadmin | 2014-10-16 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. | |||||
| CVE-2014-8748 | 1 Drupal | 1 Doubleclick For Publishers | 2014-10-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. | |||||
| CVE-2014-3147 | 1 Splunk | 1 Splunk | 2014-10-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. | |||||
| CVE-2014-7982 | 1 Joomla | 1 Joomla\! | 2014-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-7983 | 1 Joomla | 1 Joomla\! | 2014-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6631 | 1 Joomla | 1 Joomla\! | 2014-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-7980 | 1 Drupal | 1 Zen | 2014-10-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings. | |||||
| CVE-2014-7870 | 1 Drupal | 1 Custom Search Module | 2014-10-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to admin/config/search/custom_search/results. | |||||
| CVE-2014-7869 | 1 Drupal | 1 Context Form Alteration Module | 2014-10-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6294 | 1 External Links Click Statistics Project | 1 External Links Click Statistics | 2014-10-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6296 | 1 Wec Map Project | 1 Wec Map | 2014-10-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6297 | 1 Mm Forum Project | 1 Mm Forum | 2014-10-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||