CVE-2014-9174

Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...

CVE-2014-9174

Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...

CVE-2014-9176

Cross-site scripting XSS vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php...

CVE-2014-9174

The CVE-2014-9174 entry corresponds to a Cross-site scripting (XSS) vulnerability in the WordPress plugin Google Analytics by Yoast (google-analytics-for-wordpress) prior to version 5.1.3. The issue arises from unsafely handling the value entered in the General Settings field “Manually enter your...

CVE-2014-7291

Multiple cross-site scripting XSS vulnerabilities in apievents.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 m or 2 cid parameter...

CVE-2014-8958

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...

CVE-2014-8960

Cross-site scripting XSS vulnerability in libraries/errorreport.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename...

Magento eCommerce FlashVar Parameter Cross-Site Scripting

A cross-site scripting vulnerability has been reported in Magento 1.9.0.1 FlashVar Parameter. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

Web Server Content-Disposition Cross-Site Scripting (CVE-2016-7168)

A cross-site scripting vulnerability exists in Content-Disposition HTTP header. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

CVE-2014-9100

Cross-site scripting XSS vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydoworkadsense page to wp-admin/options-general.php...

CVE-2014-9094

Multiple cross-site scripting XSS vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio DZS Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 swfloc or 2 designrand parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Apptha WordPress Video Gallery contus-video-gallery plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to 1...

CVE-2014-9094

Multiple cross-site scripting XSS vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio DZS Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 swfloc or 2 designrand parameter...

CVE-2014-9100

Cross-site scripting XSS vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydoworkadsense page to wp-admin/options-general.php...

CVE-2014-9103

Multiple cross-site scripting XSS vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 index value of an array parameter or the filename parameter in the Content-Disposition header to the 2 file or 3 profile image...

CVE-2014-6196

Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

WordPress Apptha Video Gallery Plugin <= 2.5 - Multiple XSS

These vulnerabilities allow authenticated users to inject arbitrary web script or HTML via the "videoadssearchQuery" parameter. Solution Update the plugin...