Total
41631 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10007 | 1 Weipdcrm Project | 1 Weipdcrm | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2015-10006 | 1 Ingnovarq Project | 1 Ingnovarq | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172. | |||||
| CVE-2015-0749 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2014-9919 | 1 Bilboplanet | 1 Bilboplanet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php. | |||||
| CVE-2014-9918 | 1 Bilboplanet | 1 Bilboplanet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php. | |||||
| CVE-2014-9917 | 1 Bilboplanet | 1 Bilboplanet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter. | |||||
| CVE-2014-9615 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. | |||||
| CVE-2014-9608 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2014-9607 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-9606 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/. | |||||
| CVE-2014-9470 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. | |||||
| CVE-2014-9405 | 1 Free | 1 Freebox Os | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code. | |||||
| CVE-2014-9211 | 1 Clickdesk | 1 Clickdesk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ClickDesk version 4.3 and below has persistent cross site scripting | |||||
| CVE-2014-9126 | 1 Open-school | 1 Open-school | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. | |||||
| CVE-2014-8944 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | |||||
| CVE-2014-8780 | 1 Jease | 1 Jease | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note. | |||||
| CVE-2014-8674 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code. | |||||
| CVE-2014-8597 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel. | |||||
| CVE-2014-8490 | 1 Tennisconnect | 1 Components | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm. | |||||
| CVE-2014-8338 | 1 Videowhisper | 1 Webcam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | |||||