Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profilefunctions.php, (2) composetext parameter in a sendMail action to...
CVE-2014-8809
Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profilefunctions.php, (2) composetext parameter in a sendMail action to...
CVE-2014-6178
Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header...
CVE-2014-6188
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-5216
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a...
CVE-2014-9412
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a...
CVE-2014-8018
Cisco SA-20150106-CVE-2014-8018 describes a reflected XSS vulnerability in the web framework of Cisco Unified Communications Domain Manager (BVSM pages) allowing unauthenticated remote attackers to inject arbitrary script via a crafted link. Root cause: improper validation of user-supplied input....
CVE-2014-8724
Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATHINFO to the default URI...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATHINFO to the default URI...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-8012
Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695...
Default credentials
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php...
CVE-2014-8247
Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...