CVE-2014-6254

CVE-2014-6254 refers to multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core up to 5 Beta 3. The NVD description states that remote attackers could inject arbitrary web script or HTML via an attribute in a device name, device detail, report name, report detail, portlet name, or via ...

CVE-2014-4633

Cross-site scripting XSS vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-7265

Cross-site scripting XSS vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326...

CVE-2014-6326

Cross-site scripting XSS vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325...

Cross site scripting

Cross-site scripting XSS vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting a...

CVE-2014-8488

Cross-site scripting XSS vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...

CVE-2014-9281

Cross-site scripting XSS vulnerability in admin/copyfield.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the destid field...

CVE-2014-9346

Multiple cross-site scripting XSS vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the 1 taxonomy term title for instances with Save term...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 nom or 2 useragent parameter to admin/robots.php...

CVE-2014-9346

Multiple cross-site scripting XSS vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the 1 taxonomy term title for instances with Save term...

CVE-2014-3797

Cross-site scripting XSS vulnerability in VMware vCenter Server Appliance vCSA 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-8600

CVE-2014-8600 covers multiple XSS vulnerabilities in KDE components: KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier. The issue arises from improper handling of URIs in an error message, allowing an attacker to inject arbitrary web script or HTML vi...

CVE-2014-8600

Removed by vendor...

CVE-2014-8800

Cross-site scripting XSS vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fbloginbutton parameter in a newfbupdateoptions action...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Altitude uAgent in Altitude uCI Unified Customer Interaction 7.5 allow remote attackers to inject arbitrary web script or HTML via 1 an email hyperlink or the 2 style parameter in the image attribute section...

CVE-2014-9243

Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 file or 2 directory folder name of an uploaded file...

CVE-2014-9179

Cross-site scripting XSS vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL optional" field in a new ticket...