Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1028 | 1 D-link | 2 Dsl-2730b, Dsl-2730b Firmware | 2015-01-26 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). | |||||
| CVE-2014-4514 | 1 Alipay Project | 1 Alipay | 2015-01-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function. | |||||
| CVE-2015-1204 | 1 Getusedtoit | 1 Wp Slimstat | 2015-01-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php. | |||||
| CVE-2015-0553 | 1 Websitebaker | 1 Websitebaker | 2015-01-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. | |||||
| CVE-2015-0862 | 1 Pivotal Software | 1 Rabbitmq Management | 2015-01-20 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content. | |||||
| CVE-2014-9480 | 1 Mediawiki | 1 Mediawiki | 2015-01-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts. | |||||
| CVE-2014-9479 | 1 Mediawiki | 1 Mediawiki | 2015-01-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox. | |||||
| CVE-2014-9478 | 1 Mediawiki | 1 Mediawiki | 2015-01-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page. | |||||
| CVE-2014-9477 | 1 Mediawiki | 1 Mediawiki | 2015-01-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter. | |||||
| CVE-2014-9561 | 1 Softbb | 1 Softbb | 2015-01-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter. | |||||
| CVE-2015-1052 | 1 Phpkit | 1 Phpkit | 2015-01-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php. | |||||
| CVE-2015-1040 | 1 Bedita | 1 Bedita | 2015-01-15 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view. | |||||
| CVE-2015-1039 | 1 Zfcuser Project | 1 Zfcuser | 2015-01-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | |||||
| CVE-2014-10035 | 1 Couponphp | 1 Couponphp | 2015-01-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php. | |||||
| CVE-2014-100037 | 1 Storytlr | 1 Storytlr | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/. | |||||
| CVE-2014-100021 | 1 Orangehrm | 1 Orangehrm | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter. | |||||
| CVE-2014-100018 | 1 Unconfirmed Project | 1 Unconfirmed | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php. | |||||
| CVE-2014-9507 | 1 Mediawiki | 1 Mediawiki | 2015-01-13 | 2.6 LOW | N/A |
| MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. | |||||
| CVE-2014-10028 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. | |||||
| CVE-2014-9500 | 1 Moip Project | 1 Moip | 2015-01-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback. | |||||