Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3870 | 1 Bib2html Project | 1 Bib2html | 2014-05-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php. | |||||
| CVE-2014-3807 | 1 Barracudadrive | 1 Barracudadrive | 2014-05-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd parameter to private/manage/. | |||||
| CVE-2013-4380 | 2 Drupal, Mediafront | 2 Drupal, Mediafront | 2014-05-21 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings. | |||||
| CVE-2013-1407 | 1 Netweblogic | 2 Events Manager, Events Manager Pro | 2014-05-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4) user_email, or (5) booking_comment parameter to an event with registration enabled; or the (6) _wpnonce parameter to wp-admin/edit.php. | |||||
| CVE-2013-4430 | 1 Mahara | 1 Mahara | 2014-05-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php. | |||||
| CVE-2013-1810 | 1 Mantisbt | 1 Mantisbt | 2014-05-16 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function. | |||||
| CVE-2013-0197 | 1 Mantisbt | 1 Mantisbt | 2014-05-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php. | |||||
| CVE-2011-3598 | 1 Phppgadmin | 1 Phppgadmin | 2014-05-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php. | |||||
| CVE-2013-5939 | 1 Phpcms | 1 Guesbook Module | 2014-05-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php. | |||||
| CVE-2013-2087 | 1 Galleryproject | 1 Gallery | 2014-05-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to modules/gallery/views/error_admin.html.php. | |||||
| CVE-2011-5249 | 1 Intersectalliance | 1 System Intrusion Analysis And Reporting Environment | 2014-05-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the events page in the System iNtrusion Analysis and Reporting Environment (SNARE) for Linux agent before 1.7.0 allows remote attackers to inject arbitrary web script or HTML via a logged shell command. | |||||
| CVE-2014-3456 | 1 Gitlab | 1 Gitlab | 2014-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4503 | 1 Feed Element Mapper Project | 1 Feed Element Mapper | 2014-05-14 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to options. | |||||
| CVE-2013-6454 | 1 Mediawiki | 1 Mediawiki | 2014-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute. | |||||
| CVE-2013-6452 | 1 Mediawiki | 1 Mediawiki | 2014-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file. | |||||
| CVE-2013-5749 | 1 Simplerisk | 1 Simplerisk | 2014-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter. | |||||
| CVE-2013-4574 | 1 Mediawiki | 1 Mediawiki | 2014-05-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos. | |||||
| CVE-2014-3134 | 1 Sap | 1 Businessobjects | 2014-05-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2854 | 1 Semantictitle Project | 1 Semantictitle | 2014-05-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5916 | 1 Bradesco Gateway Plugin Project | 1 Bradesco Gateway | 2014-05-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | |||||