Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6920 | 1 Sourceafrica Project | 1 Sourceafrica | 2015-09-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | |||||
CVE-2014-9475 | 1 Mediawiki | 1 Mediawiki | 2015-09-17 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message. | |||||
CVE-2015-6969 | 1 S9y | 1 Serendipity | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link. | |||||
CVE-2014-5088 | 1 Status2k | 1 Status2k | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php. | |||||
CVE-2014-4958 | 1 Telerik | 1 Asp.net Ajax Radeditor Control | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes. | |||||
CVE-2014-4854 | 1 Smartcatdesign | 1 Wp Contruction Mode | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php. | |||||
CVE-2014-3266 | 1 Cisco | 1 Security Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189. | |||||
CVE-2014-2192 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033. | |||||
CVE-2014-2125 | 1 Cisco | 1 Unity Connection | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028. | |||||
CVE-2014-2118 | 1 Cisco | 1 Prime Security Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687. | |||||
CVE-2014-2120 | 1 Cisco | 1 Adaptive Security Appliance Software | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. | |||||
CVE-2014-2114 | 1 Cisco | 1 Emergency Responder | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. | |||||
CVE-2014-2104 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. | |||||
CVE-2014-0735 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. | |||||
CVE-2014-0723 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343. | |||||
CVE-2015-5630 | 1 Ntt-bp | 1 Japan Connected-free Wi-fi | 2015-09-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID. | |||||
CVE-2015-6466 | 1 Moxa | 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more | 2015-09-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. | |||||
CVE-2015-6921 | 1 Zendesk | 1 Zendesk Feedback Tab | 2015-09-14 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-6919 | 1 Googlesearch Project | 1 Googlesearch | 2015-09-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php. | |||||
CVE-2015-6751 | 1 Time Tracker Project | 1 Time Tracker | 2015-09-11 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries. |