Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5101 | 1 Webidsupport | 1 Webid | 2014-08-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php. | |||||
| CVE-2014-3897 | 1 Homepage Decorator Perlmailer Project | 1 Homepage Decorator Perlmailer | 2014-07-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5113 | 1 Visualware | 1 Myconnection Server | 2014-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter. | |||||
| CVE-2014-5105 | 1 Ol-commerce Project | 1 Ol-commerce | 2014-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php. | |||||
| CVE-2014-4857 | 1 Gurock | 1 Testrail | 2014-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity. | |||||
| CVE-2014-2971 | 1 Micropact | 1 Icomplaints | 2014-07-25 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter. | |||||
| CVE-2014-2968 | 1 Huawei | 3 E355, E355 Firmware, E355 Web Ui | 2014-07-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message. | |||||
| CVE-2014-3432 | 1 Symantec | 1 Data Insight | 2014-07-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. | |||||
| CVE-2014-3433 | 1 Symantec | 1 Data Insight | 2014-07-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue. | |||||
| CVE-2013-2023 | 1 Happyworm | 1 Jplayer | 2014-07-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022. | |||||
| CVE-2014-1994 | 1 Cybozu | 1 Garoon | 2014-07-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-1995 | 1 Cybozu | 1 Garoon | 2014-07-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-1992 | 1 Cybozu | 1 Garoon | 2014-07-22 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3884 | 1 Webmin | 1 Usermin | 2014-07-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | |||||
| CVE-2014-3886 | 1 Webmin | 1 Webmin | 2014-07-22 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | |||||
| CVE-2014-3885 | 1 Webmin | 1 Webmin | 2014-07-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | |||||
| CVE-2014-5022 | 1 Drupal | 1 Drupal | 2014-07-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field. | |||||
| CVE-2014-5021 | 1 Drupal | 1 Drupal | 2014-07-22 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label. | |||||
| CVE-2014-4017 | 1 Conversionninja | 1 Conversion Ninja | 2014-07-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php. | |||||
| CVE-2014-5016 | 1 Limesurvey | 1 Limesurvey | 2014-07-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality. | |||||