Lucene search
K

7613 matches found

Patchstack
Patchstack
added 2015/01/12 12:0 a.m.9 views

WordPress Page Builder Plugin <= 2.0.3 - Reflected XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

2AI score
Exploits0References1Affected Software1
CVE
CVE
added 2015/01/09 2:0 a.m.48 views

CVE-2014-8028

Cisco Secure ACS (Access Control Server) is affected by multiple cross-site scripting (XSS) vulnerabilities in its web framework. The issue stems from insufficient input validation of several parameters passed to the web server, allowing remote attackers to craft links that persuade users to exec...

4.3CVSS5.8AI score0.01161EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2015/01/09 12:0 a.m.2 views

Multiple Cross-Site Scripting Vulnerabilities in Zurmo CRM

Zurmo CRM is the United States Zurmo company's set of open source PHP-based customer relationship management system CRM. Multiple cross-site scripting vulnerabilities exist in Zurmo CRM because it fails to properly filter user-supplied input. An attacker could potentially exploit these...

6.7AI score
Exploits0References1
Prion
Prion
added 2015/01/07 7:59 p.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SAP NetWeaver Business Client NWBC for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 title or 2 roundtrips parameter, aka SAP Security Note 2051285...

4.3CVSS6AI score0.01842EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2015/01/04 12:0 a.m.3 views

Multiple Cross-Site Scripting Vulnerabilities in amCharts Flash

amCharts is a company dedicated to the development of charting components, located in Vilnius, the capital of Lithuania, which started launching charting and mapping components in 2004. Multiple cross-site scripting vulnerabilities exist in amCharts Flash, allowing remote attackers to inject...

4.3CVSS6.3AI score0.00966EPSS
Exploits1References1
NVD
NVD
added 2015/01/02 7:59 p.m.13 views

CVE-2014-9439

Cross-site scripting XSS vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp...

4.3CVSS5.7AI score0.01498EPSS
Exploits0References2
Prion
Prion
added 2014/12/28 2:59 a.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the 1 datafile or 2 settingsfile parameter to ammap.swf, or 3 the datafile parameter to amtimeline.swf...

4.3CVSS6.1AI score0.01842EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/12/24 11:0 a.m.19 views

CVE-2014-6132

Cross-site scripting XSS vulnerability in the Web UI in IBM WebSphere Service Registry and Repository WSRR 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via...

5AI score0.01615EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/18 5:48 a.m.3 views

WBS Gantt-Chart for JIRA vulnerable to cross-site scripting

Overview WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting CWE-79. Note that this vulnerability i...

4CVSS6AI score0.00936EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2014/12/18 12:0 a.m.48 views

WordPress gSlideShow 0.1 CSRF / XSS

Title: CSRF / Stored XSS Vulnerability in gSlideShow Wordpress Plugin Author: Manideep K CVE-ID: CVE 2014-9391 Plugin Homepage: https://wordpress.org/plugins/gslideshow/ Version Affected: 0.1 probably lower versions Severity: High Description: Vulnerable Parameter: 1 id:rssid , name:rss 2...

6.8CVSS0.2AI score0.01001EPSS
Exploits2
Packet Storm
Packet Storm
added 2014/12/18 12:0 a.m.45 views

WordPress Twitter LiveBlog 1.1.2 CSRF / XSS

Title: CSRF / Stored XSS Vulnerability in Twitter LiveBlog Wordpress Plugin Author: Manideep K CVE-ID: CVE-2014-9398 Plugin Homepage: https://wordpress.org/plugins/twitter-liveblog/ Version Affected: 1.1.2 probably lower versions Severity: High Description: Vulnerable Parameter:...

6.8CVSS0.01001EPSS
Exploits2
OpenVAS
OpenVAS
added 2014/12/17 12:0 a.m.13 views

IceHrm < 7.2 Multiple Vulnerabilities - Active Check

IceHrm is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3AI score
Exploits0References5
Packet Storm
Packet Storm
added 2014/12/14 12:0 a.m.52 views

WordPress yURL ReTwitt WP 1.4 CSRF / XSS

Title: CSRF/XSS Vulnerability in yURL ReTwitt WP Plugin Author: Manideep K CVE-ID: CVE-2014-9341 Plugin Homepage: https://wordpress.org/plugins/yurl-retwitt/ Version Affected: 1.4 probably lower versions Severity: High About Plugin: This plugin will allow your readers to publish a RT Re-Twitt on...

6.8CVSS6.7AI score0.0101EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2014/12/12 12:0 a.m.30 views

VMware vCenter Server Appliance Unspecified XSS (VMSA-2014-0012)

The version of VMware vCenter Server Appliance installed on the remote host is 5.1 prior to Update 3. It is, therefore, affected by an unspecified cross-site scripting vulnerability. A remote attacker can exploit this by means of a specially crafted URL or malicious web page, which can result in...

4.3CVSS5.6AI score0.01795EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/09 5:41 a.m.2 views

i-HTTPD vulnerable to cross-site scripting

Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to a cross-site scripting CWE-79. Note that this vulnerability is different from JVN87910097. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinat...

4.3CVSS6.2AI score0.01148EPSS
Exploits0References5
Patchstack
Patchstack
added 2014/12/09 12:0 a.m.10 views

WordPress PWG Random Plugin <= 1.11 - Multiple Vulnerabilities

This plugin is prone to a cross site scripting and cross site request forgery attacks. The attackers can insert arbitrary script into admin page. Once exploited, admin’s browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies . Parameters...

3.1AI score
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/09 12:0 a.m.28 views

JVN#98097877: "Omake BBS" of i-HTTPD vulnerable to cross-site scripting

i-HTTPD is a web server for Windows. i-HTTPD contains "Omake BBS". "Omake BBS" contains a flaw in processing input character string, which may result in a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use...

4.3CVSS5.8AI score0.01773EPSS
Exploits0
Symantec
Symantec
added 2014/12/09 12:0 a.m.33 views

Microsoft Internet Explorer XSS Filter CVE-2014-6328 Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script...

5CVSS9.4AI score0.21347EPSS
Exploits0Affected Software10
Cvelist
Cvelist
added 2014/12/08 11:0 a.m.24 views

CVE-2014-8600

Multiple cross-site scripting XSS vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the 1 zip, 2 trash, 3 tar, 4 thumbnail, 5 smtps, 6 smtp, 7 smb...

5.4AI score0.02093EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2014/12/04 12:0 a.m.79 views

Splunk Enterprise 5.0.x < 5.0.10 / 6.1.x < 6.1.4 Multiple Vulnerabilities

According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.10 or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities : - The included OpenSSL library contains a TLS downgrade weakness. By using fragmented ClientHello...

4.3CVSS7.2AI score0.13327EPSS
Exploits0References5
Rows per page
Query Builder