Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9429 | 1 Smoothwall | 1 Smoothwall | 2017-09-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. | |||||
| CVE-2014-100008 | 1 Joomlaskin | 1 Js Multi Hotel | 2017-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
| CVE-2014-6618 | 1 Your Online Shop Project | 1 Your Online Shop | 2017-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Your Online Shop allows remote attackers to inject arbitrary web script or HTML via the products_id parameter. | |||||
| CVE-2014-6619 | 1 Restaurantmis | 1 Restaurant Script | 2017-09-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter. | |||||
| CVE-2014-9430 | 1 Smoothwall | 1 Smoothwall | 2017-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action. | |||||
| CVE-2014-100016 | 1 Photocati Media | 1 Photocrati | 2017-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter. | |||||
| CVE-2014-6100 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2017-09-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-100028 | 1 Webcrafted Project | 1 Webcrafted | 2017-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username. | |||||
| CVE-2014-7291 | 1 Springshare | 1 Libcal | 2017-09-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter. | |||||
| CVE-2014-7290 | 1 Atlas Systems | 1 Aeon | 2017-09-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll. | |||||
| CVE-2014-7277 | 1 Zyxel | 2 Sbg3300-n, Sbg3300-n Firmware | 2017-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278. | |||||
| CVE-2014-7978 | 1 Drupal | 1 Bluemasters | 2017-09-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | |||||
| CVE-2014-6079 | 1 Ibm | 5 Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance, Security Access Manager For Web 7.0 Firmware and 2 more | 2017-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-100013 | 1 Clientresponse Project | 1 Clientresponse | 2017-09-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. | |||||
| CVE-2014-9580 | 1 Projectsend | 1 Projectsend | 2017-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information. | |||||
| CVE-2014-9499 | 1 Godwin\'s Law Project | 1 Godwin\'s Law | 2017-09-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message. | |||||
| CVE-2014-6070 | 1 Adiscon | 1 Loganalyzer | 2017-09-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php. | |||||
| CVE-2014-100030 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2017-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action. | |||||
| CVE-2014-9349 | 1 Robotstats | 1 Robotstats | 2017-09-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php. | |||||
| CVE-2014-6093 | 1 Ibm | 1 Websphere Portal | 2017-09-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||