Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2982 | 1 Php Kobo | 1 Photo Gallery Cms Free | 2015-08-24 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php. | |||||
CVE-2012-6121 | 1 Roundcube | 1 Webmail | 2015-08-24 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link. | |||||
CVE-2015-4294 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2015-08-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. | |||||
CVE-2015-4292 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2015-08-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818. | |||||
CVE-2015-6528 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2015-08-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. | |||||
CVE-2015-5513 | 1 Niif | 1 Shibboleth Authentication | 2015-08-20 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. | |||||
CVE-2015-5514 | 1 Migrate Project | 1 Migrate | 2015-08-20 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label. | |||||
CVE-2015-5500 | 1 Navigate Project | 1 Navigate | 2015-08-19 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-5497 | 1 Web Links Project | 1 Web Links | 2015-08-19 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-5495 | 1 Mobile Sliding Menu Project | 1 Mobile Sliding Menu | 2015-08-19 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-5492 | 1 Video Consultation Project | 1 Video Consultation | 2015-08-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-6515 | 1 Splunk | 1 Splunk | 2015-08-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. | |||||
CVE-2015-6514 | 1 Splunk | 1 Splunk | 2015-08-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-5489 | 1 Smart Trim Project | 1 Smart Trim | 2015-08-19 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form. | |||||
CVE-2015-5488 | 1 Thinkshout | 1 Mailchimp | 2015-08-19 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-5485 | 1 Theeventscalendar | 1 Eventbrite Tickets | 2015-08-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. | |||||
CVE-2014-9743 | 1 Videolan | 1 Vlc Media Player | 2015-08-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info. | |||||
CVE-2015-4376 | 1 Profile2 Privacy Project | 1 Profile2 Privacy | 2015-08-13 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4380 | 1 Linear Case Project | 1 Linear Case | 2015-08-13 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-5519 | 1 Wideimage Project | 1 Wideimage | 2015-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php. |