Total
40657 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9405 | 1 Free | 1 Freebox Os | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code. | ||||
| CVE-2014-9211 | 1 Clickdesk | 1 Clickdesk | 2024-11-21 | 6.1 Medium |
| ClickDesk version 4.3 and below has persistent cross site scripting | ||||
| CVE-2014-9126 | 1 Open-school | 1 Open-school | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. | ||||
| CVE-2014-8944 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 5.4 Medium |
| Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | ||||
| CVE-2014-8780 | 1 Jease | 1 Jease | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note. | ||||
| CVE-2014-8674 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 5.4 Medium |
| Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code. | ||||
| CVE-2014-8597 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel. | ||||
| CVE-2014-8490 | 1 Tennisconnect | 1 Components | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm. | ||||
| CVE-2014-8338 | 1 Videowhisper | 1 Webcam | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | ||||
| CVE-2014-7238 | 1 Formget | 1 Contact Form Integrated With Google Maps | 2024-11-21 | 6.1 Medium |
| The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS | ||||
| CVE-2014-6604 | 1 Subscribe2 Project | 1 Subscribe2 | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. | ||||
| CVE-2014-6447 | 1 Juniper | 1 Junos | 2024-11-21 | 7.1 High |
| Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. | ||||
| CVE-2014-6420 | 1 Livefyre | 1 Livecomments | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | ||||
| CVE-2014-6413 | 1 Watchguard | 1 Fireware Xtm | 2024-11-21 | 6.1 Medium |
| A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | ||||
| CVE-2014-6169 | 1 Ibm | 1 Forms Experience Builder | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777. | ||||
| CVE-2014-6071 | 1 Jquery | 1 Jquery | 2024-11-21 | N/A |
| jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | ||||
| CVE-2014-6027 | 1 Torrentflux Project | 1 Torrentflux | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details. | ||||
| CVE-2014-5500 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 6.1 Medium |
| Synacor Zimbra Collaboration before 8.0.8 has XSS. | ||||
| CVE-2014-5069 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs. | ||||
| CVE-2014-5039 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2024-11-21 | 9.6 Critical |
| Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||