4572 matches found
CVE-2014-9031
Cross-site scripting XSS vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...
DEBIAN-CVE-2014-9031
Cross-site scripting XSS vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...
UBUNTU-CVE-2010-5312
Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
UBUNTU-CVE-2014-8600
Multiple cross-site scripting XSS vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the 1 zip, 2 trash, 3 tar, 4 thumbnail, 5 smtps, 6 smtp, 7 smb...
UBUNTU-CVE-2014-6300
Cross-site scripting XSS vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery CSRF attack to crea...
PT-2014-8631
Name of the Vulnerable Software and Affected Versions: Web Dorado Spider Video Player plugin versions prior to 1.5.2 Description: The issue is related to a cross-site scripting XSS vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved via...
PT-2014-5437 · Red Hat · Spacewalk-Java +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network RHN Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...
PT-2014-7820 · WordPress · Wp Google Maps
Name of the Vulnerable Software and Affected Versions: WP Google Maps plugin versions prior to 6.0.27 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the poly id parameter in an edit poly, edit polyline, or edit marker action in the "wp-google-maps-menu"...
PT-2014-5450 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.583 Jenkins LTS versions prior to 1.565.3 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Recommendations: For Jenkins versions...
PT-2014-5447 · Jenkins · Jenkins Monitoring Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Monitoring plugin versions prior to 1.53.0 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. Recommendations: For versions prior to 1.53.0, update to version 1.53.0 or later ...
CVE-2014-4510
Cross-site scripting XSS vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-5464
Cross-site scripting XSS vulnerability in the nDPI traffic classification library in ntopng aka ntop before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header...
CVE-2014-5273
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the 1 browse table page, related to js/sql.js; 2 ENUM editor page, related to...
UBUNTU-CVE-2014-5022
Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
DEBIAN-CVE-2014-4945
Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic 1 mailbox or 2 message view...
CVE-2014-4946
Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...
UBUNTU-CVE-2014-4946
Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...
PT-2014-3413 · D Link · D-Link Dir-645 Router
Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 Router Rev. A1 with firmware prior to 1.04B11 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the deviceid parameter to the "parentalcontrols/bind.php" endpoint, t...