Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2329 | 1 Check Mk Project | 1 Check Mk | 2015-09-01 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors. | |||||
CVE-2014-3878 | 1 Ipswitch | 1 Imail Server | 2015-08-31 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. | |||||
CVE-2014-4710 | 1 Aas9 | 1 Zerocms | 2015-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field. | |||||
CVE-2014-4596 | 1 Snapapp Project | 1 Snapapp | 2015-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter. | |||||
CVE-2014-4587 | 1 Wp Guestmap Project | 1 Wp Guestmap Project | 2015-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php. | |||||
CVE-2014-4570 | 1 Videowhisper | 1 Video Presentation | 2015-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/. | |||||
CVE-2014-4571 | 1 Vn-calendar Project | 1 Vn-calendar | 2015-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter. | |||||
CVE-2014-4594 | 1 Wordpress Responsive Preview Project | 1 Wordpress Responsive Preview | 2015-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
CVE-2014-4569 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2015-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. | |||||
CVE-2014-4554 | 1 Ss Downloads Project | 1 Ss Downloads | 2015-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
CVE-2014-4545 | 1 Pro Quoter Plugin Project | 1 Pro Quoter | 2015-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter. | |||||
CVE-2014-4549 | 1 Woocommerce Sagepay Direct Payment Gateway Project | 1 Woocommerce Sagepay Direct Payment Gateway | 2015-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. | |||||
CVE-2014-4543 | 1 Pay Per Media Player Project | 1 Pay Per Media Player | 2015-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter. | |||||
CVE-2014-4520 | 1 Dmca | 1 Dmca Watermarker | 2015-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter. | |||||
CVE-2014-4515 | 1 Anyfont Plugin Project | 1 Anyfont | 2015-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||||
CVE-2014-4037 | 1 Ckeditor | 1 Fckeditor | 2015-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000. | |||||
CVE-2014-4023 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2015-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-8987 | 1 Mantisbt | 1 Mantisbt | 2015-08-25 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986. | |||||
CVE-2015-0298 | 1 Redhat | 1 Mod Cluster | 2015-08-25 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. | |||||
CVE-2012-3507 | 1 Roundcube | 1 Webmail | 2015-08-24 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject. |