CVE-2014-7248

Cross-site scripting XSS vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file...

CVE-2014-8557

Multiple cross-site scripting XSS vulnerabilities in JExperts Channel Platform 5.0.33CCB allow remote attackers to inject arbitrary web script or HTML via the 1 usuario.nome variable in an editarUsuario action to usuario.do or 2 titulo.form variable in a novoChamado action to ticket.do...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in JExperts Channel Platform 5.0.33CCB allow remote attackers to inject arbitrary web script or HTML via the 1 usuario.nome variable in an editarUsuario action to usuario.do or 2 titulo.form variable in a novoChamado action to ticket.do...

CVE-2014-8557

Multiple cross-site scripting XSS vulnerabilities in JExperts Channel Platform 5.0.33CCB allow remote attackers to inject arbitrary web script or HTML via the 1 usuario.nome variable in an editarUsuario action to usuario.do or 2 titulo.form variable in a novoChamado action to ticket.do...

CVE-2014-4116

CVE-2014-4116 is an XSS/elevation-of-privilege issue in Microsoft SharePoint Foundation 2010 SP2. The vulnerability arises from improper handling of list content, allowing remote authenticated users to inject arbitrary script/HTML via a modified list (SharePoint Elevation of Privilege Vulnerabili...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

Cross site request forgery (csrf)

Cross-site scripting XSS vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery CSRF attack to crea...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-5451

Cross-site scripting XSS vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression...

CVE-2014-8658

Cross-site scripting XSS vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.acti...

CVE-2014-7958

Cross-site scripting XSS vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.acti...

Cross site scripting

Cross-site scripting XSS vulnerability in json.php in French National Commission on Informatics and Liberty aka CNIL CookieViz allows remote we servers to inject arbitrary web script or HTML via the maxdate parameter...

CVE-2014-8508

Cross-site scripting XSS vulnerability in snetwork.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 default URI to admin.php or the 2 id parameter to admin.php or 3 go.php...

CVE-2014-3475

CVE-2014-3475 is an XSS issue in the OpenStack Horizon Users panel (admin/users/). Affected software: OpenStack Horizon before 2013.2.4, OpenStack Horizon 2014.1 before 2014.1.2, and Horizon in the Juno series before Juno-2. Root cause: cross-site scripting via a user email address allows injecti...

CVE-2014-3475

Cross-site scripting XSS vulnerability in the Users panel admin/users/ in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...

CVE-2014-2336

Multiple cross-site scripting XSS vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 dataContacttitle parameter to admin/contacts/contacts/add page; 2 dataBlocktitle or 3 dataBlockalias parameter to admin/blocks/blocks/edit page; 4...