Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via 1 the Message parameter to rcore6/main/showerror.jsp, 2 the ButtonsetClass...

CVE-2014-4002

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the 1 drpaction parameter to cdef.php, 2 datainput.php, 3 dataqueries.php, 4 datasources.php, 5 datatemplates.php, 6 graphtemplates.php, 7 graphs.php, 8 host.php, or...

CVE-2014-4195

Cross-site scripting XSS vulnerability in zeroviewarticle.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the articleid parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in Invision Power IP.Board aka IPB or Power Board 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2014-4597

Cross-site scripting XSS vulnerability in test.php in the WP Social Invitations plugin before 1.4.4.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter...

CVE-2014-4549

Multiple cross-site scripting XSS vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 MD or 2 PARes parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 theme or 2 playlistmod parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 vp, 2 vs, 3 l, 4 vu, or 5 vm parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter...

CVE-2014-4601

Cross-site scripting XSS vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parameter...

CVE-2014-4603

Multiple cross-site scripting XSS vulnerabilities in yupdatesapplication.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 secret, 2 key, or 3 appid parameter...

CVE-2014-4600

Multiple cross-site scripting XSS vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 listname or 2 contact parameter...

CVE-2014-4599

Multiple cross-site scripting XSS vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 edit, 2 searchterm, 3 pageid, 4 page, or 5 pagelinks parameter...

CVE-2014-4589

Cross-site scripting XSS vulnerability in uploader.php in the WP Silverlight Media Player wp-media-player plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

CVE-2014-4594

Cross-site scripting XSS vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter...

CVE-2014-4595

Multiple cross-site scripting XSS vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 oauthcallback parameter to htmlapiauthorize.php or the 2 oauthtokentemp or 3 oauthcallbacktemp parameter to...

CVE-2014-4596

Multiple cross-site scripting XSS vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 msg or 2 act parameter...

CVE-2014-4560

Cross-site scripting XSS vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parameter...

CVE-2014-4570

Multiple cross-site scripting XSS vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 roomname parameter to clogin.php or 2 room parameter to index.php in vp/...

CVE-2014-4566

Cross-site scripting XSS vulnerability in res/faketwitter/frame.php in the "verwei.se - WordPress - Twitter" verweise-wordpress-twitter plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter...