Lucene search
K

7613 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/01/30 4:52 a.m.4 views

Fumy News Clipper vulnerable to cross-site scripting

Overview Fumy News Clipper provided by Nishishi Factory contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

4.3CVSS6.1AI score0.01161EPSS
Exploits0References5
CNVD
CNVD
added 2015/01/30 12:0 a.m.6 views

WordPress Plugin Geo Mashup Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Geo Mashup, as it fails to properly filter user-supplied...

4.3CVSS6.5AI score0.01959EPSS
Exploits1References1
NVD
NVD
added 2015/01/29 3:59 p.m.16 views

CVE-2015-1422

Multiple cross-site scripting XSS vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 horder, 2 jakcatid, 3 jakcontent, 4 jakcss, 5 jakdeletelog, 6 jakemail, 7 jakextfile, 8 jakfile, 9 jakhookshow, 10 jakimg, 11 jakjavascript, 12...

4.3CVSS5.8AI score0.04076EPSS
Exploits1References7
CNVD
CNVD
added 2015/01/29 12:0 a.m.1 views

Multiple Cross-Site Scripting Vulnerabilities in IBM Dojo Toolkit

IBM Dojo Toolkit is IBM sponsored with the javascript language implementation of open source DHTML toolkit . IBM Dojo Toolkit has multiple cross-site scripting vulnerabilities that could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS8.4AI score0.0206EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/27 12:0 a.m.5 views

QPR Portal HTML Injection Vulnerability

QPR Software Suite is a suite of business management and performance management products from the Finnish company QPR Software.QPR Portal is one of the portal products that provides features such as full-screen mode to introduce integrated navigation options, copy schematic location links and ope...

4.3CVSS7.6AI score0.01692EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/01/27 12:0 a.m.25 views

MediaWiki Hovercards Extension < 1.24 XSS Vulnerability (Jan 2015) - Active Check

The Hovercards extension for MediaWiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

4.3CVSS6.1AI score0.01233EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2015/01/27 12:0 a.m.25 views

MediaWiki TemplateSandbox Extension < 1.24 XSS Vulnerability (Jan 2015) - Active Check

The TemplateSandbox extension for MediaWiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

4.3CVSS6AI score0.01206EPSS
Exploits1References3
CNVD
CNVD
added 2015/01/23 12:0 a.m.3 views

Exponent CMS 'index.php' Cross-Site Scripting Vulnerability

Exponent CMS is open source content management system. A cross-site scripting vulnerability exists in Exponent CMS 'index.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary script code in an unsuspecting user's...

6.1CVSS6.7AI score0.01475EPSS
Exploits2References1
Cvelist
Cvelist
added 2015/01/21 3:0 p.m.23 views

CVE-2015-1204

Cross-site scripting XSS vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fsresource parameter in the wp-slim-view-2 page to wp-admin/admin.php...

5.8AI score0.02346EPSS
Exploits1References3
CNVD
CNVD
added 2015/01/20 12:0 a.m.2 views

Multiple Cross-Site Scripting Vulnerabilities in Drupal Video Module

Drupal is a free and open source content management system developed in PHP. Multiple cross-site scripting vulnerabilities exist in the Drupal Video module because it fails to properly filter user-supplied input. An attacker could potentially exploit these vulnerabilities to execute arbitrary...

3.5CVSS6.9AI score0.00965EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/20 12:0 a.m.2 views

Multiple Cross-Site Scripting Vulnerabilities in Drupal Room Reservations Module

Drupal is a free and open source content management system developed in PHP. Multiple cross-site scripting vulnerabilities exist in the Drupal Room Reservations module because it fails to properly filter user-supplied input. An attacker could use these vulnerabilities to execute arbitrary script...

4.9CVSS6.9AI score0.0158EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/16 12:0 a.m.3 views

Django 'django.util.http.is_safe_url()' cross-site scripting vulnerability

Django is an open source web application framework written in Python . A cross-site scripting vulnerability exists in Django 'django.util.http.issafeurl' because it fails to properly filter user-supplied input. An attacker could exploit this issue to execute arbitrary script code in the browser o...

4.3CVSS6.6AI score0.03028EPSS
Exploits1References1
Prion
Prion
added 2015/01/15 3:59 p.m.24 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php...

4.3CVSS6.2AI score0.02041EPSS
Exploits2References4Affected Software1
CNVD
CNVD
added 2015/01/14 12:0 a.m.3 views

Fork CMS 'loadForm()' Function Cross-Site Scripting Vulnerability

Fork CMS is a CMS system developed in PHP. A cross-site scripting vulnerability exists in the Fork CMS 'loadForm' function due to the program failing to properly filter user-supplied input. An attacker could use this vulnerability to execute arbitrary script code or steal cookie-based...

6.1CVSS6.8AI score0.01421EPSS
Exploits2References1
Prion
Prion
added 2015/01/13 3:59 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php...

4.3CVSS6.1AI score0.02046EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2015/01/13 11:59 a.m.13 views

CVE-2014-100006

Multiple cross-site scripting XSS vulnerabilities in modulesv3/googlemap/wtv3streetview.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 map, 2 streetview, or 3 reset parameter...

4.3CVSS5.8AI score0.01148EPSS
Exploits0References3
Prion
Prion
added 2015/01/13 11:59 a.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

4.3CVSS6.2AI score0.01633EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2015/01/13 11:59 a.m.12 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 email, or 3 subject parameter in a contact action to index.php...

4.3CVSS6.1AI score0.01201EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2015/01/13 12:0 a.m.18 views

WordPress Photocrati Theme - Cross Site Scripting

Because of this vulnerability in photocrati-gallery/ecomm-sizes.php, the attackers can inject arbitrary web script or HTML via the "prodid" parameter. Solution Update the theme...

4.3CVSS3.1AI score0.02041EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2015/01/12 12:0 a.m.3 views

Drupal Field Display Label Module Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in the Drupal Field Display Label module because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...

3.5CVSS6.6AI score0.00965EPSS
Exploits0References1
Rows per page
Query Builder