Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9501 1 Poll Chart Block Project 1 Poll Chart Block 2015-01-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title.
CVE-2014-9498 1 Webform Invitation Project 1 Webform Invitation 2015-01-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title.
CVE-2013-7419 1 Joomlaskin 1 Js Multi Hotel 2015-01-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the roomid parameter.
CVE-2014-9582 1 Codiad 1 Codiad 2015-01-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
CVE-2015-0918 1 Sefrengo 1 Sefrengo 2015-01-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php.
CVE-2015-0917 1 Kajona 1 Kajona 2015-01-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
CVE-2014-8376 1 Site Banner Project 1 Site Banner 2015-01-07 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings.
CVE-2014-4517 1 Cbi Referral Manager Project 1 Cbi Referral Manager 2015-01-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter.
CVE-2014-3628 1 Apache 1 Solr 2015-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.
CVE-2014-9518 1 D-link 2 Dir-655, Dir-655 Firmware 2015-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.
CVE-2014-9516 1 Social Microblogging Pro Project 1 Social Microblogging Pro 2015-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.
CVE-2014-9446 1 Koha 1 Koha 2015-01-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.
CVE-2014-9444 1 Frontend Uploader Project 1 Frontend Uploader 2015-01-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI.
CVE-2014-9443 1 Relevanssi 1 Relevanssi 2015-01-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9434 1 Absolutengine 1 Absolut Engine 2015-01-05 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter.
CVE-2014-7293 1 Nyu 1 Opensso Integration 2015-01-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2010-5316 1 Basic-cms 1 Sweetrice 2015-01-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie.
CVE-2010-5314 1 Chialab \& Channelweb 1 Bedita 2015-01-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index.
CVE-2014-8752 1 Jce-tech 1 Video Niche Script 2015-01-02 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter.
CVE-2014-9325 1 Twiki 1 Twiki 2015-01-02 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences.