CVE-2014-3551

Multiple cross-site scripting XSS vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge...

Cross site scripting

Cross-site scripting XSS vulnerability in the getdescription function in lib/classes/event/userloginfailed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attem...

CVE-2014-3550

Multiple cross-site scripting XSS vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted 1 error or 2 success message for a scheduled task...

Cross site scripting

Cross-site scripting XSS vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the idnodo parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 acountry parameter in a process action to affiliatesignup.php or 2 entrycountryid parameter in an edit action to admin/createaccount.php...

CVE-2014-5113

Multiple cross-site scripting XSS vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the 1 testtype, 2 ver, 3 cm, 4 map, 5 lines, 6 pps, 7 bpp, 8 codec, 9 provtext, 10 provtextextra, 11 provlink, or 12 duration...

Cross site scripting

Cross-site scripting XSS vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity...

CVE-2014-5101

Multiple cross-site scripting XSS vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 TPLname, 2 TPLnick, 3 TPLemail, 4 TPLyear, 5 TPLaddress, 6 TPLcity, 7 TPLprov, 8 TPLzip, 9 TPLphone, 10 TPLppemail, 11 TPLauthnetid, 12 TPLauthnetpass, 13...

CVE-2014-5024

Cross-site scripting XSS vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the nodeid parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the nodeid parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message...

CVE-2014-3110

Multiple cross-site scripting XSS vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the 1 newListList:ExcludeFileOnExpression, 2 newListList:ExcludeFilesystems, or 3 newListList:ExcludeMountPaths parameter to...

CVE-2014-5021

Cross-site scripting XSS vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label...

CVE-2014-5016

Multiple cross-site scripting XSS vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via 1 the pid attribute to the getAttributejson function to application/controllers/admin/participantsaction.php in CPDB, 2 the sa parameter to...

CVE-2014-3885

Cross-site scripting XSS vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924...

CVE-2014-4955

Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...