Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the 1 browse table page, related to js/sql.js; 2 ENUM editor page, related to...

CVE-2014-5191

Cross-site scripting XSS vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-5178

Multiple cross-site scripting XSS vulnerabilities in Easy File Sharing EFS Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when 1 creating a topic or 2 posting an answer. NOTE: some of these details are obtained from third party...

CVE-2014-4591

Cross-site scripting XSS vulnerability in picasaupload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 MD or 2 PARes parameter...

CVE-2014-4565

Multiple cross-site scripting XSS vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 vp, 2 vs, 3 l, 4 vu, or 5 vm parameter...

CVE-2014-4687

pfSense is affected by CVE-2014-4687: multiple XSS vulnerabilities in pfSense before 2.1.4. Exploitable via five vectors: (1) starttime0 parameter in firewall_schedule.php, (2) rssfeed parameter in rss.widget.php, (3) servicestatusfilter parameter in services_status.widget.php, (4) txtRecallBuffe...

Check Point Connectra R62 '/Login/Login' Arbitrary Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36466/info Check Point Connectra is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in th...

ViewGit 0.0.6 - Multiple XSS Vulnerabilities

No description provided by source. Vulnerability Report Author: Matthew R. Bucci [email protected] Date: 18 March, 2013 CVE-2013-2294 Description of Vulnerability: ----------------------------- ViewGit is a git web repository viewer that aims to be easy to set up and upgrade, light on...

CVE-2014-0218

Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-0734

Multiple cross-site scripting XSS vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 searchwords parameter in a search action to wpf.class.php or 2 togroupusers parameter in an addusertogroup action to...

CVE-2013-0298

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted iCalendar file to the calendar application, the 2 dir or 3 file parameter to apps/filespdfviewer/viewer.php, or the 4 mountpoint parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the 1 callbackmulticheck, 2 callbackradio, and 3 callbackwysiwygin functions in mfrhclass.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inje...

CVE-2013-7032

Multiple cross-site scripting XSS vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name of an uploaded file or 2 customer name in a resource created from an uploaded file, a different vulnerability...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the 1 "an" parameter to agenda.php or 2 cat parameter to mobile/thread.php...

CVE-2013-6235

Multiple cross-site scripting XSS vulnerabilities in JAMon Java Application Monitor 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 listenertype or 2 currentlistener parameter to mondetail.jsp or ArraySQL parameter to 3 mondetail.jsp, 4 jamonadmin.jsp, 5...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the StackIdeas Komento comkomento component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 website or 2 latitude parameter in a comment to the default URI...

CVE-2012-6621

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 Email Address or 2 Custom Permalink Structure fields in admin/settings.php; 3 path parameter to admin/upload.php; 4 err paramet...

Cross site scripting

Cross-site scripting XSS vulnerability in the web interface in Cisco Secure Access Control System ACS allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the 1 box parameter to messaging/messagebox.php, cidToEdit parameter to 2 adminregisteruser.php or 3 adminusercoursesettings.php in admin/, 4 moduleid...