CVEs from 2014
Total
7,872
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6237 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-5313 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-4787 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authentic… | |||
| CVE-2014-4756 | low | — | 3.5 | 12y ago | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors. | |||
| CVE-2014-5508 | low | — | 3.5 | 12y ago | Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large va… | |||
| CVE-2014-3095 | low | — | 3.5 | 12y ago | The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of… | |||
| CVE-2014-3075 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web scr… | |||
| CVE-2014-0897 | low | — | 3.5 | 12y ago | The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account… | |||
| CVE-2014-3035 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitr… | |||
| CVE-2014-3034 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFi… | |||
| CVE-2014-0483 | low | — | 3.5 | 12y ago | The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship be… | |||
| CVE-2014-3033 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authen… | |||
| CVE-2014-5338 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or H… | |||
| CVE-2014-3594 | low | — | 3.5 | 12y ago | OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface | |||
| CVE-2014-5274 | low | — | 3.5 | 12y ago | phpMyAdmin cross-site scripting vulnerability in crafted view name | |||
| CVE-2014-5273 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web scrip… | |||
| CVE-2014-3903 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data. | |||
| CVE-2014-5202 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-valu… | |||
| CVE-2014-3102 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via … | |||
| CVE-2014-3069 | low | — | 3.5 | 12y ago | Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticat… | |||
| CVE-2014-3031 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 4.2.0 before 4.2.0.0 IF12 and 4.2.1 before 4.2.1.3 IF9 allows remote authenticated users to inject arbitrary web script… | |||
| CVE-2014-3559 | low | — | 3.5 | 12y ago | The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows r… | |||
| CVE-2014-3009 | low | — | 3.5 | 12y ago | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does n… | |||
| CVE-2014-5174 | low | — | 3.5 | 12y ago | The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive info… | |||
| CVE-2014-3025 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3… | |||
| CVE-2014-0915 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3… | |||
| CVE-2014-0914 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for Sm… | |||
| CVE-2014-3050 | low | — | 3.5 | 12y ago | IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspeci… | |||
| CVE-2014-3026 | low | — | 3.5 | 12y ago | CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to in… | |||
| CVE-2014-3551 | low | — | 3.5 | 12y ago | Moodle multiple cross-site scripting (XSS) vulnerabilities | |||
| CVE-2014-2971 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the descriptio… | |||
| CVE-2014-4986 | low | — | 3.5 | 12y ago | phpMyAdmin cross-site scripting Vulnerability in Table or Column Names | |||
| CVE-2014-4955 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 all… | |||
| CVE-2014-4954 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrar… | |||
| CVE-2014-1995 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspe… | |||
| CVE-2014-1994 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2014-1992 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML… | |||
| CVE-2014-0970 | low | — | 3.5 | 12y ago | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 an… | |||
| CVE-2014-0968 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Serv… | |||
| CVE-2014-0967 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Serv… | |||
| CVE-2014-4251 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1… | |||
| CVE-2014-4250 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related t… | |||
| CVE-2014-4246 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related… | |||
| CVE-2014-4245 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vect… | |||
| CVE-2014-4235 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vec… | |||
| CVE-2014-4204 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Cor… | |||
| CVE-2014-4167 | low | — | 3.5 | 12y ago | The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by at… | |||
| CVE-2014-0875 | low | — | 3.5 | 12y ago | Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL … | |||
| CVE-2014-2512 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecif… | |||
| CVE-2014-4669 | low | — | 3.5 | 12y ago | HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a Ge… | |||
| CVE-2014-4349 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ta… | |||
| CVE-2014-4348 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) tab… | |||
| CVE-2014-3013 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted… | |||
| CVE-2014-3012 | low | — | 3.5 | 12y ago | Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response spli… | |||
| CVE-2014-3949 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to … | |||
| CVE-2014-3943 | low | — | 3.5 | 12y ago | Typo3 XSS Vulnerabilities | |||
| CVE-2014-3933 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbi… | |||
| CVE-2014-0925 | low | — | 3.5 | 12y ago | Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and c… | |||
| CVE-2014-0178 | low | — | 3.5 | 12y ago | Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, w… | |||
| CVE-2014-0825 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7… | |||
| CVE-2014-0824 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Ser… | |||
| CVE-2014-3014 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via… | |||
| CVE-2014-3801 | low | — | 3.5 | 12y ago | OpenStack Heat template URL information leakage | |||
| CVE-2014-0945 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote… | |||
| CVE-2014-0134 | low | — | 3.5 | 12y ago | The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authentica… | |||
| CVE-2014-1988 | low | — | 3.5 | 12y ago | The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. | |||
| CVE-2014-0942 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script … | |||
| CVE-2014-0941 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script … | |||
| CVE-2014-2260 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the comma… | |||
| CVE-2014-2729 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which… | |||
| CVE-2014-0932 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject … | |||
| CVE-2014-2289 | low | — | 3.5 | 12y ago | res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request witho… | |||
| CVE-2014-2287 | low | — | 3.5 | 12y ago | channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when c… | |||
| CVE-2014-2844 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new par… | |||
| CVE-2014-2467 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to … | |||
| CVE-2014-2464 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors rel… | |||
| CVE-2014-2451 | low | — | 3.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges. | |||
| CVE-2014-2445 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to … | |||
| CVE-2014-2438 | low | — | 3.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. | |||
| CVE-2014-2430 | low | — | 3.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. | |||
| CVE-2014-2398 | low | — | 3.5 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related… | |||
| CVE-2014-0465 | low | — | 3.5 | 12y ago | Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin C… | |||
| CVE-2014-0348 | low | — | 3.5 | 12y ago | The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option… | |||
| CVE-2014-0341 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.… | |||
| CVE-2014-0347 | low | — | 3.5 | 12y ago | The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix… | |||
| CVE-2014-2553 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary we… | |||
| CVE-2014-0901 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated user… | |||
| CVE-2014-2670 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter… | |||
| CVE-2014-0848 | low | — | 3.5 | 12y ago | The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote at… | |||
| CVE-2014-0884 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML… | |||
| CVE-2014-2571 | low | — | 3.5 | 12y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2014-0850 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inje… | |||
| CVE-2014-2291 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10… | |||
| CVE-2014-0846 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authen… | |||
| CVE-2014-0844 | low | — | 3.5 | 12y ago | Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users t… | |||
| CVE-2014-2067 | low | — | 3.5 | 12y ago | Jenkins cross-site scripting (XSS) vulnerability | |||
| CVE-2014-0874 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. | |||
| CVE-2014-0858 | low | — | 3.5 | 12y ago | IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. | |||
| CVE-2014-0853 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allo… | |||
| CVE-2014-0843 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by … |