Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4584 | 1 Wp-easybooking Plugin Project | 1 Wp-easybooking | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter. | |||||
| CVE-2014-4583 | 1 Wp-contact Plugin Project | 1 Wp-contact-sidebar-widget | 2014-07-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) order_direction, (3) limit_start, (4) id, or (5) order parameter. | |||||
| CVE-2014-4575 | 1 Wikipop Plugin Project | 1 Wikipop | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2014-4564 | 1 Validated Plugin Project | 1 Validated Plugin | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter. | |||||
| CVE-2014-4556 | 1 Swipe Checkout For Eshop Project | 1 Swipe Checkout For Eshop | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. | |||||
| CVE-2014-4538 | 1 Malware Finder Plugin Project | 1 Malware Finder | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2014-4533 | 1 Geo Redirector Plugin Project | 1 Geo Redirector | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_id parameter. | |||||
| CVE-2014-4528 | 1 Fbpromotions Project | 1 Fbpromotions | 2014-07-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter. | |||||
| CVE-2014-4521 | 1 Diversesolutions | 1 Dsidxpress Idx Plugin | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2014-4518 | 1 D-coda | 1 Contactme | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter. | |||||
| CVE-2014-4516 | 1 Bic Media Widget Plugin | 1 Bic Media Widget | 2014-07-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter. | |||||
| CVE-2014-4513 | 1 Activehelper | 1 Activehelper Livehelp Live Chat | 2014-07-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter. | |||||
| CVE-2014-2934 | 1 Caldera | 1 Caldera | 2014-07-01 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | |||||
| CVE-2014-2933 | 1 Caldera | 1 Caldera | 2014-07-01 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. | |||||
| CVE-2013-7061 | 1 Plone | 1 Plone | 2014-06-30 | 5.5 MEDIUM | N/A |
| Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | |||||
| CVE-2014-4649 | 1 Piwigo | 1 Piwigo | 2014-06-30 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. | |||||
| CVE-2013-7060 | 1 Plone | 1 Plone | 2014-06-30 | 5.0 MEDIUM | N/A |
| Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. | |||||
| CVE-2013-7003 | 1 Livezilla | 1 Livezilla | 2014-06-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. | |||||
| CVE-2010-5299 | 1 Microp Project | 1 Microp | 2014-06-30 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function. | |||||
| CVE-2014-4648 | 1 Piwigo | 1 Piwigo | 2014-06-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure." | |||||