CVE-2015-1639

Cross-site scripting XSS vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability."...

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability."...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the 1 view, 2 id, 3 page, or 4 app parameter to the default URI or the 5 act parameter to dapur/index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the locationid parameter in a shareaholicaddlocation action to wp-admin/admin-ajax.php...

CVE-2015-2223

Multiple cross-site scripting XSS vulnerabilities in the web-based console management interface in Palo Alto Networks Traps formerly Cyvera Endpoint Protection 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the 1 Arguments, 2 FileName, or 3 URL parameter in a SOAP...

CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

Cross site scripting

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

Input validation

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

CVE-2015-2938

Summary (CVE-2015-2938): MediaWiki is affected by an XSS vulnerability in the handling of a custom JavaScript file. Affected versions are MediaWiki < 1.19.24, 1.2.x < 1.23.9, and 1.24.x

CVE-2015-0690

Cross-site scripting XSS vulnerability in the HTML help system on Cisco Wireless LAN Controller WLC devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178...

CVE-2015-0690

Cross-site scripting XSS vulnerability in the HTML help system on Cisco Wireless LAN Controller WLC devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178...

WordPress Welcart Plugin <= 1.4.17 - Multiple XSS

These vulnerabilities allow the attackers to inject arbitrary web script or HTML via the "uscesreferer" parameter to: includes/edit-form-advanced.php, includes/edit-form-advanced34.php, classes/usceshop.class.php, includes/membereditform.php, includes/orderlist.php, includes/ordereditform.php,...

WordPress Shareaholic 7.6.0.3 Cross Site Scripting

Exploit Title: Shareaholic 7.6.0.3 XSS Date: 10-11-2014 Software Link: https://wordpress.org/plugins/shareaholic/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9311 Category: webapps 1. Description...

Cross site scripting

Cross-site scripting XSS vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-0976

Cross-site scripting XSS vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...