CVEs from 2014
Total
7,866
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4946 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitr… | |||
| CVE-2014-4945 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitr… | |||
| CVE-2014-4738 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors t… | |||
| CVE-2014-3821 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, … | |||
| CVE-2014-0174 | medium | — | 4.3 | 12y ago | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers… | |||
| CVE-2014-4908 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/… | |||
| CVE-2014-4907 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a paramete… | |||
| CVE-2014-4856 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ra… | |||
| CVE-2014-4855 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. N… | |||
| CVE-2014-4854 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save actio… | |||
| CVE-2014-4853 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. | |||
| CVE-2014-4849 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter. | |||
| CVE-2014-4848 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id pa… | |||
| CVE-2014-4847 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parame… | |||
| CVE-2014-4846 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.… | |||
| CVE-2014-4845 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/… | |||
| CVE-2014-3315 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web s… | |||
| CVE-2014-3310 | medium | — | 4.3 | 12y ago | The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to … | |||
| CVE-2014-2963 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML … | |||
| CVE-2014-4744 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone numb… | |||
| CVE-2014-4743 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before … | |||
| CVE-2014-4742 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the syst… | |||
| CVE-2014-3487 | medium | — | 4.3 | 12y ago | The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remot… | |||
| CVE-2014-3479 | medium | — | 4.3 | 12y ago | The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows r… | |||
| CVE-2014-3313 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a… | |||
| CVE-2014-4724 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name param… | |||
| CVE-2014-4723 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to wp-admin/options-general… | |||
| CVE-2014-4722 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3489 | medium | — | 4.3 | 12y ago | lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force atta… | |||
| CVE-2014-0176 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unsp… | |||
| CVE-2014-0035 | medium | — | 4.3 | 12y ago | Cleartext Transmission of Sensitive Information in Apache CXF | |||
| CVE-2014-0034 | medium | — | 4.3 | 12y ago | Improper Input Validation in Apache CXF | |||
| CVE-2014-4719 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the login panel (svn/login/) in User-Friendly SVN (aka USVN) before 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the username f… | |||
| CVE-2014-4195 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the article_id parameter. | |||
| CVE-2014-4002 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3)… | |||
| CVE-2014-3149 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as download… | |||
| CVE-2014-2965 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter. | |||
| CVE-2014-4606 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the zs… | |||
| CVE-2014-4597 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 1.4.4.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl par… | |||
| CVE-2014-4591 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_i… | |||
| CVE-2014-4581 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in facture.php in the WPCB plugin 2.4.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2014-4571 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) f… | |||
| CVE-2014-4565 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or… | |||
| CVE-2014-4563 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2014-4555 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parame… | |||
| CVE-2014-4554 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title par… | |||
| CVE-2014-4549 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbi… | |||
| CVE-2014-4546 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the response parameter. | |||
| CVE-2014-4534 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitra… | |||
| CVE-2014-4605 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStatistics (zdstats) plugin 2.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the la… | |||
| CVE-2014-4604 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2014-4603 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web… | |||
| CVE-2014-4601 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parame… | |||
| CVE-2014-4600 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script … | |||
| CVE-2014-4599 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary we… | |||
| CVE-2014-4598 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2014-4596 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2014-4595 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback par… | |||
| CVE-2014-4594 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url pa… | |||
| CVE-2014-4593 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or… | |||
| CVE-2014-4590 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier p… | |||
| CVE-2014-4589 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web scri… | |||
| CVE-2014-4588 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to injec… | |||
| CVE-2014-4587 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3… | |||
| CVE-2014-4582 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2014-4580 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID … | |||
| CVE-2014-4579 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang … | |||
| CVE-2014-4578 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2014-4576 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2014-4574 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in resize.php in the WebEngage plugin before 2.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the height parameter. | |||
| CVE-2014-4573 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (… | |||
| CVE-2014-4572 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) ur… | |||
| CVE-2014-4570 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) r… | |||
| CVE-2014-4568 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web … | |||
| CVE-2014-4566 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php in the "verwei.se - WordPress - Twitter" (verweise-wordpress-twitter) plugin 1.0.2 and earlier for WordPress allows remote attac… | |||
| CVE-2014-4560 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parame… | |||
| CVE-2014-4557 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for Jigoshop (swipe-hq-checkout-for-jigoshop) plugin 3.1.0 and earlier for WordPress allows remote attackers to injec… | |||
| CVE-2014-4552 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to… | |||
| CVE-2014-4551 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the te… | |||
| CVE-2014-4547 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web sc… | |||
| CVE-2014-4543 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2014-4542 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||
| CVE-2014-4541 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitra… | |||
| CVE-2014-4540 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_login_form.php in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2014-4537 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2014-4532 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the GarageSale plugin before 1.2.3 for WordPress allows remote attackers to inject arbitrary web script or … | |||
| CVE-2014-4531 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter. | |||
| CVE-2014-4529 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path… | |||
| CVE-2014-4527 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin … | |||
| CVE-2014-4526 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mess… | |||
| CVE-2014-4524 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in classes/custom-image/media.php in the WP Easy Post Types plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2014-4522 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in client-assist.php in the dsSearchAgent: WordPress Edition plugin 1.0-beta10 and earlier for WordPress allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2014-4694 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script o… | |||
| CVE-2014-4693 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng paramete… | |||
| CVE-2014-4692 | medium | — | 4.3 | 12y ago | pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive i… | |||
| CVE-2014-4687 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2… | |||
| CVE-2014-3494 | medium | — | 4.3 | 12y ago | kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive in… | |||
| CVE-2014-3492 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter … | |||
| CVE-2014-3491 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, … | |||
| CVE-2014-4602 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel plugin 0.12.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HT… |