Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7199 | 1 Mediawiki | 1 Mediawiki | 2014-10-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. | |||||
| CVE-2012-6316 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2014-10-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. | |||||
| CVE-2012-5504 | 1 Plone | 1 Plone | 2014-10-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5502 | 1 Plone | 1 Plone | 2014-10-01 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5494 | 1 Plone | 1 Plone | 2014-10-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate." | |||||
| CVE-2012-5490 | 1 Plone | 1 Plone | 2014-10-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3065 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2014-09-30 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section. | |||||
| CVE-2014-7152 | 1 Mailchimp | 1 Easy Mailchimp Forms Plugin | 2014-09-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-6445 | 1 Contactus | 1 Contact Form 7 Integrations | 2014-09-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter. | |||||
| CVE-2012-6658 | 1 Spiceworks | 1 Spiceworks | 2014-09-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types. | |||||
| CVE-2014-5441 | 1 Fatfreecrm | 1 Fat Free Crm | 2014-09-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action. | |||||
| CVE-2014-6240 | 1 Google Sitemap Project | 1 Google Sitemap | 2014-09-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5313 | 1 Sixapart | 1 Movabletype | 2014-09-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3900 | 1 Piwigo | 1 Piwigo | 2014-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649. | |||||
| CVE-2014-3905 | 1 Tenfourzero | 1 Shutter | 2014-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3861 | 1 Hl7 | 1 C-cda | 2014-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element. | |||||
| CVE-2010-5303 | 1 Binarymoon | 1 Timthumb | 2014-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString. | |||||
| CVE-2010-5302 | 1 Binarymoon | 1 Timthumb | 2014-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | |||||
| CVE-2009-5142 | 2 Binarymoon, Prothemedesign | 2 Timthumb, Mimbo Pro | 2014-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter. | |||||
| CVE-2014-5382 | 1 Schrack | 2 Technik Microcontrol, Technik Microcontrol Firmware | 2014-08-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors. | |||||