Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2191 | 1 Cisco | 1 Broadband Access Center Telco Wireless Software | 2015-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113. | |||||
CVE-2014-2092 | 1 Cmsmadesimple | 1 Cms Made Simple | 2015-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries. | |||||
CVE-2014-2091 | 1 Atutor | 1 Atutor | 2015-08-13 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries. | |||||
CVE-2014-0812 | 2 Kent-web, Microsoft | 2 Joyful Note, Internet Explorer | 2015-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-0811 | 1 Blackboard | 1 Vista\/ce | 2015-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-0639 | 1 Emc | 1 Rsa Archer Egrc | 2015-08-13 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-2744 | 1 Mozilla | 1 Firefox Os | 2015-08-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after re-opening the browser or opening the tab view. | |||||
CVE-2015-2745 | 1 Mozilla | 1 Firefox Os | 2015-08-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishandled after a HOME button press or a Show Windows action, as demonstrated by embedding an arbitrary application or spoofing the account-creation page. | |||||
CVE-2014-4845 | 1 Stillbreathing | 1 Bannerman | 2015-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php. | |||||
CVE-2014-2244 | 1 Mediawiki | 1 Mediawiki | 2015-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php. | |||||
CVE-2014-1407 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2015-08-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. | |||||
CVE-2013-6674 | 1 Mozilla | 3 Seamonkey, Thunderbird, Thunderbird Esr | 2015-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018. | |||||
CVE-2014-8954 | 1 Codecanyon | 1 Phpsound | 2015-08-06 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. | |||||
CVE-2014-8508 | 1 Denon | 1 Avr-3313ci | 2015-08-06 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname. | |||||
CVE-2014-8349 | 1 Liferay | 1 Liferay Portal | 2015-08-06 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file. | |||||
CVE-2014-5456 | 1 Social Stats Project | 1 Social Stats | 2015-08-06 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration. | |||||
CVE-2014-7295 | 1 Mediawiki | 1 Mediawiki | 2015-08-06 | 3.5 LOW | N/A |
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css. | |||||
CVE-2014-5417 | 1 Meinberg | 8 Lantime M100, Lantime M200, Lantime M300 and 5 more | 2015-08-06 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-5408 | 1 Nordex | 1 Nordex Control 2 Scada | 2015-08-06 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
CVE-2014-1648 | 1 Symantec | 1 Messaging Gateway | 2015-08-06 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. |