CVEs from 2014

- Total: 7,866
- critical: 837
- high: 1,288
- medium: 4,980
- low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%

Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3807 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd param… | |||
| CVE-2014-3803 | medium | — | 4.3 | 12y ago | The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT… | |||
| CVE-2014-1747 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote at… | |||
| CVE-2014-1855 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) ke… | |||
| CVE-2014-3265 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an … | |||
| CVE-2014-2195 | medium | — | 4.3 | 12y ago | Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote at… | |||
| CVE-2014-2193 | medium | — | 4.3 | 12y ago | Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCu… | |||
| CVE-2014-2192 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bu… | |||
| CVE-2014-3735 | medium | — | 4.3 | 12y ago | ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file. | |||
| CVE-2014-3730 | medium | — | 4.3 | 12y ago | The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to condu… | |||
| CVE-2014-3452 | medium | — | 4.3 | 12y ago | Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file. | |||
| CVE-2014-3761 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the Control/U… | |||
| CVE-2014-3758 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the imp… | |||
| CVE-2014-3262 | medium | — | 4.3 | 12y ago | The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to c… | |||
| CVE-2014-0917 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0… | |||
| CVE-2014-1808 | medium | — | 4.3 | 12y ago | Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "T… | |||
| CVE-2014-1754 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 201… | |||
| CVE-2014-0521 | medium | — | 4.3 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a… | |||
| CVE-2014-3456 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-0946 | medium | — | 4.3 | 12y ago | The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, whi… | |||
| CVE-2014-0913 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka S… | |||
| CVE-2014-2854 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3207 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. | |||
| CVE-2014-2689 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php. | |||
| CVE-2014-0190 | medium | — | 4.3 | 12y ago | The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. | |||
| CVE-2014-0110 | medium | — | 4.3 | 12y ago | Uncontrolled Resource Consumption in Apache CXF | |||
| CVE-2014-0109 | medium | — | 4.3 | 12y ago | Uncontrolled Resource Consumption in Apache CXF | |||
| CVE-2014-0362 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inj… | |||
| CVE-2014-2191 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via a… | |||
| CVE-2014-0911 | medium | — | 4.3 | 12y ago | inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors. | |||
| CVE-2014-0198 | medium | — | 4.3 | 12y ago | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows … | |||
| CVE-2014-0149 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. | |||
| CVE-2014-1899 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inje… | |||
| CVE-2014-1441 | medium | — | 4.3 | 12y ago | Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the … | |||
| CVE-2014-0896 | medium | — | 4.3 | 12y ago | IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request. | |||
| CVE-2014-0823 | medium | — | 4.3 | 12y ago | IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL. | |||
| CVE-2014-3135 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the fold… | |||
| CVE-2014-3134 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-1955 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2853 | medium | — | 4.3 | 12y ago | Cross-site scripting vulnerability in includes/actions/InfoAction.php | |||
| CVE-2014-2980 | medium | — | 4.3 | 12y ago | Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of s… | |||
| CVE-2014-2715 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2014-2285 | medium | — | 4.3 | 12y ago | The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptr… | |||
| CVE-2014-2907 | medium | — | 4.3 | 12y ago | The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to … | |||
| CVE-2014-2393 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive file… | |||
| CVE-2014-2392 | medium | — | 4.3 | 12y ago | The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attack… | |||
| CVE-2014-2391 | medium | — | 4.3 | 12y ago | The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string represen… | |||
| CVE-2014-2554 | medium | — | 4.3 | 12y ago | OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. | |||
| CVE-2014-1648 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to… | |||
| CVE-2014-1296 | medium | — | 4.3 | 12y ago | CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allow… | |||
| CVE-2014-2890 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.con… | |||
| CVE-2014-2925 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrar… | |||
| CVE-2014-0778 | medium | — | 4.3 | 12y ago | TCPUploader module listens on Port 10651/TCP for incoming connections. Exploitation of this vulnerability could allow a remote unauthenticated user access to release OS version information. While t… | |||
| CVE-2014-2288 | medium | — | 4.3 | 12y ago | The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS requ… | |||
| CVE-2014-2014 | medium | — | 4.3 | 12y ago | imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing t… | |||
| CVE-2014-2856 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, rela… | |||
| CVE-2014-2471 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Pages. | |||
| CVE-2014-2468 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerabili… | |||
| CVE-2014-2465 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. | |||
| CVE-2014-2463 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related… | |||
| CVE-2014-2458 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3 allows remote attackers to affect integrity via unknown vectors rel… | |||
| CVE-2014-2457 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.0 and 6.1.0 allows remote attackers to affect integrity via unknown vectors related t… | |||
| CVE-2014-2454 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via unknown vectors related to User Interfa… | |||
| CVE-2014-2453 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to User Interface. | |||
| CVE-2014-2443 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core… | |||
| CVE-2014-2413 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries. | |||
| CVE-2014-2400 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information … | |||
| CVE-2014-0464 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463. | |||
| CVE-2014-0463 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464. | |||
| CVE-2014-0459 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. | |||
| CVE-2014-0426 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a … | |||
| CVE-2014-0413 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a … | |||
| CVE-2014-2861 | medium | — | 4.3 | 12y ago | Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrate… | |||
| CVE-2014-2860 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request … | |||
| CVE-2014-0923 | medium | — | 4.3 | 12y ago | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data. | |||
| CVE-2014-0922 | medium | — | 4.3 | 12y ago | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data. | |||
| CVE-2014-0921 | medium | — | 4.3 | 12y ago | The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets c… | |||
| CVE-2014-0157 | medium | — | 4.3 | 12y ago | OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting | |||
| CVE-2014-2712 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20… | |||
| CVE-2014-2711 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46… | |||
| CVE-2014-0331 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale param… | |||
| CVE-2014-1726 | medium | — | 4.3 | 12y ago | The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access. | |||
| CVE-2014-0509 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 1… | |||
| CVE-2014-2542 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rende… | |||
| CVE-2014-0827 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2014-0337 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML … | |||
| CVE-2014-2117 | medium | — | 4.3 | 12y ago | Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified p… | |||
| CVE-2014-2116 | medium | — | 4.3 | 12y ago | Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. | |||
| CVE-2014-2114 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, … | |||
| CVE-2014-0638 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving… | |||
| CVE-2014-0637 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to … | |||
| CVE-2014-2578 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2138 | medium | — | 4.3 | 12y ago | CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL,… | |||
| CVE-2014-2137 | medium | — | 4.3 | 12y ago | CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a … | |||
| CVE-2014-2125 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,… | |||
| CVE-2014-1942 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspeci… | |||
| CVE-2014-0828 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.… | |||
| CVE-2014-0086 | medium | — | 4.3 | 12y ago | JBoss RichFaces Improper Input Validation vulnerability | |||
| CVE-2014-2118 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web… | |||
| CVE-2014-2326 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |