Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8800 1 Nextendweb 1 Nextend Facebook Connect 2014-12-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.
CVE-2014-9103 1 Kunena 1 Kunena 2014-12-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Disposition header to the (2) file or (3) profile image upload functionality.
CVE-2014-8772 1 X3cms 1 X3 Cms 2014-12-05 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.
CVE-2014-9236 1 Zoph 1 Zoph 2014-12-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.
CVE-2014-9241 1 Mybb 1 Mybb 2014-12-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.
CVE-2014-9243 1 Websitebaker 1 Websitebaker 2014-12-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/.
CVE-2014-9179 1 Supportezzy Ticket System Project 1 Supportezzy Ticket System 2014-12-03 4.0 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.
CVE-2014-9182 1 Anchorcms 1 Anchor Cms 2014-12-03 4.3 MEDIUM N/A
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
CVE-2014-3988 1 Sunhater 1 Kcfinder 2014-12-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file.
CVE-2014-9153 1 Services Project 1 Services 2014-12-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response.
CVE-2014-9098 1 Apptha 1 Contus Video Gallery 2014-11-28 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php.
CVE-2014-9100 1 Whydowork Adsense Project 1 Whydowork Adsense 2014-11-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php.
CVE-2014-5326 1 Directwebremoting 1 Direct Web Remoting 2014-11-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7248 1 Ipa 1 Ilogscanner 2014-11-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file.
CVE-2014-6623 1 Arubanetworks 1 Clearpass 2014-11-10 4.3 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors.
CVE-2014-6620 1 Arubanetworks 1 Clearpass 2014-11-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8667 1 Sap 1 Hana Web-based Development Workbench 2014-11-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8622 1 Compfight Project 1 Compfight 2014-11-06 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.
CVE-2014-4586 1 Wp-football Project 1 Wp-football 2014-10-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an "action" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php.
CVE-2014-5169 1 Date Project 1 Date 2014-10-24 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.