UBUNTU-CVE-2014-6300

Cross-site scripting XSS vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery CSRF attack to crea...

PT-2014-8631

Name of the Vulnerable Software and Affected Versions: Web Dorado Spider Video Player plugin versions prior to 1.5.2 Description: The issue is related to a cross-site scripting XSS vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved via...

PT-2014-5437 · Red Hat · Spacewalk-Java +1

Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network RHN Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...

PT-2014-7820 · WordPress · Wp Google Maps

Name of the Vulnerable Software and Affected Versions: WP Google Maps plugin versions prior to 6.0.27 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the poly id parameter in an edit poly, edit polyline, or edit marker action in the "wp-google-maps-menu"...

PT-2014-5450 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.583 Jenkins LTS versions prior to 1.565.3 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Recommendations: For Jenkins versions...

PT-2014-5447 · Jenkins · Jenkins Monitoring Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Monitoring plugin versions prior to 1.53.0 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. Recommendations: For versions prior to 1.53.0, update to version 1.53.0 or later ...

CVE-2014-4510

Cross-site scripting XSS vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2014-5464

Cross-site scripting XSS vulnerability in the nDPI traffic classification library in ntopng aka ntop before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header...

CVE-2014-5273

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the 1 browse table page, related to js/sql.js; 2 ENUM editor page, related to...

UBUNTU-CVE-2014-5022

Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...

DEBIAN-CVE-2014-4945

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic 1 mailbox or 2 message view...

CVE-2014-4946

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...

UBUNTU-CVE-2014-4946

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...

PT-2014-3413 · D Link · D-Link Dir-645 Router

Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 Router Rev. A1 with firmware prior to 1.04B11 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the deviceid parameter to the "parentalcontrols/bind.php" endpoint, t...

DEBIAN-CVE-2014-4002

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the 1 drpaction parameter to cdef.php, 2 datainput.php, 3 dataqueries.php, 4 datasources.php, 5 datatemplates.php, 6 graphtemplates.php, 7 graphs.php, 8 host.php, or...

CVE-2014-2006

Cross-site scripting XSS vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

UBUNTU-CVE-2014-3497

Cross-site scripting XSS vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVE-2014-3876

Multiple cross-site scripting XSS vulnerabilities in Frams' Fast File EXchange FEX, aka fex before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the 1 akey parameter to rup or 2 disclaimer or 3 gm parameter to fuc...

PYSEC-2014-79

Cross-site scripting XSS vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name...

UBUNTU-CVE-2014-0533

Cross-site scripting XSS vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to...