CVEs from 2014
- Total 7,866
- critical 837
- high 1,288
- medium 4,980
- low 583
- % Critical 10.6%
- % with KEV 0.4%
- % with exploit 9.8%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4585 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to… | |||
| CVE-2014-4584 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2014-4583 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary… | |||
| CVE-2014-4575 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||
| CVE-2014-4569 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web scri… | |||
| CVE-2014-4564 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter. | |||
| CVE-2014-4556 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2014-4545 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) l… | |||
| CVE-2014-4538 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query paramet… | |||
| CVE-2014-4533 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_… | |||
| CVE-2014-4528 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote … | |||
| CVE-2014-4521 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action par… | |||
| CVE-2014-4520 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir param… | |||
| CVE-2014-4518 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2014-4516 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2014-4515 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text pa… | |||
| CVE-2014-4513 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web … | |||
| CVE-2014-1369 | medium | — | 4.3 | 12y ago | WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. | |||
| CVE-2014-1345 | medium | — | 4.3 | 12y ago | WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted… | |||
| CVE-2014-2006 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3433 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified fo… | |||
| CVE-2014-3432 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified fo… | |||
| CVE-2014-4337 | medium | — | 4.3 | 12y ago | The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) … | |||
| CVE-2014-3431 | medium | — | 4.3 | 12y ago | Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restr… | |||
| CVE-2014-4505 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-4335 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to rtl/protected/a… | |||
| CVE-2014-4329 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | |||
| CVE-2014-0599 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2014-4020 | medium | — | 4.3 | 12y ago | The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended t… | |||
| CVE-2014-2779 | medium | — | 4.3 | 12y ago | mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file. | |||
| CVE-2014-4309 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenti… | |||
| CVE-2014-4308 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM par… | |||
| CVE-2014-4304 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter. | |||
| CVE-2014-4302 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||
| CVE-2014-3877 | medium | — | 4.3 | 12y ago | Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fu… | |||
| CVE-2014-3876 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey par… | |||
| CVE-2014-4189 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attack… | |||
| CVE-2014-4187 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field. | |||
| CVE-2014-4048 | medium | — | 4.3 | 12y ago | The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which trigg… | |||
| CVE-2014-4045 | medium | — | 4.3 | 12y ago | The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (asser… | |||
| CVE-2014-4165 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin. | |||
| CVE-2014-4164 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html. | |||
| CVE-2014-3994 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbi… | |||
| CVE-2014-3428 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet. | |||
| CVE-2014-2002 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-4161 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||
| CVE-2014-4160 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (… | |||
| CVE-2014-4037 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitr… | |||
| CVE-2014-4036 | medium | — | 4.3 | 12y ago | ImpressCMS Cross-site scripting Vulnerability | |||
| CVE-2014-4032 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. | |||
| CVE-2014-0533 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AI… | |||
| CVE-2014-0532 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AI… | |||
| CVE-2014-0531 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AI… | |||
| CVE-2014-1823 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containin… | |||
| CVE-2014-1816 | medium | — | 4.3 | 12y ago | Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1)… | |||
| CVE-2014-4017 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php. | |||
| CVE-2014-3289 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and… | |||
| CVE-2014-3036 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive i… | |||
| CVE-2014-0936 | medium | — | 4.3 | 12y ago | IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows re… | |||
| CVE-2014-3470 | medium | — | 4.3 | 12y ago | The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers t… | |||
| CVE-2014-0221 | medium | — | 4.3 | 12y ago | The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client… | |||
| CVE-2014-2577 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote… | |||
| CVE-2014-1998 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3960 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3948 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2014-3833 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web sc… | |||
| CVE-2014-3832 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possi… | |||
| CVE-2014-3786 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemai… | |||
| CVE-2014-2502 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3959 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1… | |||
| CVE-2014-2939 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3… | |||
| CVE-2014-0042 | medium | — | 4.3 | 12y ago | OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded pa… | |||
| CVE-2014-0041 | medium | — | 4.3 | 12y ago | OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows m… | |||
| CVE-2014-0040 | medium | — | 4.3 | 12y ago | OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, whi… | |||
| CVE-2014-0119 | medium | — | 4.3 | 12y ago | Missing XML Validation in Apache Tomcat | |||
| CVE-2014-0099 | medium | — | 4.3 | 12y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat | |||
| CVE-2014-0096 | medium | — | 4.3 | 12y ago | Improper Input Validation in Apache Tomcat | |||
| CVE-2014-2342 | medium | — | 4.3 | 12y ago | Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. | |||
| CVE-2014-3010 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 … | |||
| CVE-2014-3924 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. | |||
| CVE-2014-3923 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink … | |||
| CVE-2014-3922 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addW… | |||
| CVE-2014-3921 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter. | |||
| CVE-2014-0246 | medium | — | 4.3 | 12y ago | SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive. | |||
| CVE-2014-3870 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd… | |||
| CVE-2014-0218 | medium | — | 4.3 | 12y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2014-0217 | medium | — | 4.3 | 12y ago | Moodle does not check for the moodle/course:viewhiddencourses capability | |||
| CVE-2014-0893 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allo… | |||
| CVE-2014-0906 | medium | — | 4.3 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leve… | |||
| CVE-2014-3274 | medium | — | 4.3 | 12y ago | Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory inf… | |||
| CVE-2014-3266 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, ak… | |||
| CVE-2014-0639 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2947 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter. | |||
| CVE-2014-3846 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php. | |||
| CVE-2014-3841 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form lay… | |||
| CVE-2014-0956 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows … | |||
| CVE-2014-0955 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbi… | |||
| CVE-2014-0952 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allow… | |||
| CVE-2014-0951 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2014-3808 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) role parameter to roles.lsp, (2) name para… |