Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6240 | 1 Google Sitemap Project | 1 Google Sitemap | 2014-09-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5313 | 1 Sixapart | 1 Movabletype | 2014-09-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3900 | 1 Piwigo | 1 Piwigo | 2014-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649. | |||||
| CVE-2014-3905 | 1 Tenfourzero | 1 Shutter | 2014-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3861 | 1 Hl7 | 1 C-cda | 2014-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element. | |||||
| CVE-2010-5303 | 1 Binarymoon | 1 Timthumb | 2014-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString. | |||||
| CVE-2010-5302 | 1 Binarymoon | 1 Timthumb | 2014-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | |||||
| CVE-2009-5142 | 2 Binarymoon, Prothemedesign | 2 Timthumb, Mimbo Pro | 2014-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter. | |||||
| CVE-2014-5382 | 1 Schrack | 2 Technik Microcontrol, Technik Microcontrol Firmware | 2014-08-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors. | |||||
| CVE-2014-5348 | 1 Riverbed | 1 Steelapp Traffic Manager | 2014-08-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter. | |||||
| CVE-2014-5345 | 1 Disqus | 1 Disqus Comment System | 2014-08-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter. | |||||
| CVE-2014-5344 | 1 Mobiloud | 1 Mobiloud | 2014-08-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-5248 | 1 Mybb | 1 Mybb | 2014-08-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode. | |||||
| CVE-2014-1980 | 1 Piwigo | 1 Piwigo | 2014-08-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin. | |||||
| CVE-2014-5198 | 1 Splunk | 1 Splunk | 2014-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. | |||||
| CVE-2014-5202 | 1 Compfight Project | 1 Compfight | 2014-08-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. | |||||
| CVE-2014-3774 | 1 Teampass | 1 Teampass | 2014-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element. | |||||
| CVE-2013-7318 | 1 Algosec | 1 Firewall Analyzer | 2014-08-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2013-1804 | 1 Php-fusion | 1 Php-fusion | 2014-08-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (2) user_list or (3) user_types parameter to messages.php; (4) message parameter to infusions/shoutbox_panel/shoutbox_admin.php; (5) message parameter to administration/news.php; (6) panel_list parameter to administration/panel_editor.php; (7) HTTP User Agent string to administration/phpinfo.php; (8) "__BBCODE__" parameter to administration/bbcodes.php; errorMessage parameter to (9) article_cats.php, (10) download_cats.php, (11) news_cats.php, or (12) weblink_cats.php in administration/, when error is 3; or (13) body or (14) body2 parameter to administration/articles.php. | |||||
| CVE-2014-3894 | 1 Php Kobo | 1 Multifunctional Mailform Free | 2014-08-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header. | |||||