CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-7261 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of … | |||
| CVE-2014-7852 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handl… | |||
| CVE-2014-8632 | medium | — | 4.3 | 12y ago | The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass in… | |||
| CVE-2014-8631 | medium | — | 4.3 | 12y ago | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object … | |||
| CVE-2014-1591 | medium | — | 4.3 | 12y ago | Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after… | |||
| CVE-2014-1590 | medium | — | 4.3 | 12y ago | The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of … | |||
| CVE-2014-8602 | medium | — | 4.3 | 12y ago | iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite numbe… | |||
| CVE-2014-6368 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||
| CVE-2014-6365 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerabi… | |||
| CVE-2014-6326 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS V… | |||
| CVE-2014-6325 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS V… | |||
| CVE-2014-9364 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via uns… | |||
| CVE-2014-9361 | medium | — | 4.3 | 12y ago | The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privi… | |||
| CVE-2014-9120 | medium | — | 4.3 | 12y ago | Subrion CMS Cross-site scripting in search | |||
| CVE-2014-8091 | medium | — | 4.3 | 12y ago | X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value… | |||
| CVE-2014-8488 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionali… | |||
| CVE-2014-8730 | medium | — | 4.3 | 12y ago | The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge … | |||
| CVE-2014-9352 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the mail administration login panel in Scalix Web Access 11.4.6.12377 allows remote attackers to inject arbitrary web script or HTML via unspecified vector… | |||
| CVE-2014-9281 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the dest_id field. | |||
| CVE-2014-9270 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary … | |||
| CVE-2014-9342 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2014-9219 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||
| CVE-2014-8600 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web s… | |||
| CVE-2014-8371 | medium | — | 4.3 | 12y ago | VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, whic… | |||
| CVE-2014-3797 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3616 | medium | — | 4.3 | 12y ago | nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote at… | |||
| CVE-2014-7258 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2014-9212 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an emai… | |||
| CVE-2014-3988 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name … | |||
| CVE-2014-9182 | medium | — | 4.3 | 12y ago | models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. | |||
| CVE-2014-9176 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.ph… | |||
| CVE-2014-9174 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or … | |||
| CVE-2014-9153 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter … | |||
| CVE-2014-7291 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter. | |||
| CVE-2014-5237 | medium | — | 4.3 | 12y ago | Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger re… | |||
| CVE-2014-8958 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script… | |||
| CVE-2014-7850 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation. | |||
| CVE-2014-4883 | medium | — | 4.3 | 12y ago | resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for… | |||
| CVE-2014-4832 | medium | — | 4.3 | 12y ago | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensi… | |||
| CVE-2014-9103 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array … | |||
| CVE-2014-9100 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_ads… | |||
| CVE-2014-6196 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attack… | |||
| CVE-2014-9039 | medium | — | 4.3 | 12y ago | wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that rec… | |||
| CVE-2014-9036 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a c… | |||
| CVE-2014-9035 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script o… | |||
| CVE-2014-9032 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2014-9031 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2014-9059 | medium | — | 4.3 | 12y ago | Moodle does not provide charset information in HTTP headers | |||
| CVE-2014-5326 | medium | — | 4.3 | 12y ago | Improper Neutralization of Input During Web Page Generation in Direct Web Remoting | |||
| CVE-2014-8683 | medium | — | 4.3 | 12y ago | Cross-site Scripting in Gogs in gogs.io/gogs | |||
| CVE-2014-8539 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.… | |||
| CVE-2014-9021 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69… | |||
| CVE-2014-9020 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter i… | |||
| CVE-2014-8996 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.… | |||
| CVE-2014-8629 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to i… | |||
| CVE-2014-7290 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dl… | |||
| CVE-2014-8475 | medium | — | 4.3 | 12y ago | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attacker… | |||
| CVE-2014-6107 | medium | — | 4.3 | 12y ago | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | |||
| CVE-2014-6105 | medium | — | 4.3 | 12y ago | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2014-6096 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2014-8955 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject … | |||
| CVE-2014-8732 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3629 | medium | — | 4.3 | 12y ago | XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | |||
| CVE-2014-3502 | medium | — | 4.3 | 12y ago | Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | |||
| CVE-2014-3501 | medium | — | 4.3 | 12y ago | Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | |||
| CVE-2014-3707 | medium | — | 4.3 | 12y ago | The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out… | |||
| CVE-2014-7248 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. | |||
| CVE-2014-7991 | medium | — | 4.3 | 12y ago | The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which … | |||
| CVE-2014-8557 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an edita… | |||
| CVE-2014-6350 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than C… | |||
| CVE-2014-6349 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than C… | |||
| CVE-2014-6346 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclo… | |||
| CVE-2014-6345 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure… | |||
| CVE-2014-6340 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclo… | |||
| CVE-2014-6323 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerabilit… | |||
| CVE-2014-6322 | medium | — | 4.3 | 12y ago | The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow… | |||
| CVE-2014-6318 | medium | — | 4.3 | 12y ago | The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, an… | |||
| CVE-2014-4116 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elev… | |||
| CVE-2014-6300 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arb… | |||
| CVE-2014-6623 | medium | — | 4.3 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged … | |||
| CVE-2014-6620 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-8672 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code. | |||
| CVE-2014-8671 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name… | |||
| CVE-2014-5451 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" par… | |||
| CVE-2014-8667 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-8508 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, relat… | |||
| CVE-2014-8352 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via … | |||
| CVE-2014-7958 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2014-5257 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request … | |||
| CVE-2014-4664 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the W… | |||
| CVE-2014-4834 | medium | — | 4.3 | 12y ago | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and … | |||
| CVE-2014-4810 | medium | — | 4.3 | 12y ago | IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logo… | |||
| CVE-2014-8471 | medium | — | 4.3 | 12y ago | CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors. | |||
| CVE-2014-8593 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter… | |||
| CVE-2014-8590 | medium | — | 4.3 | 12y ago | XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | |||
| CVE-2014-8584 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or… | |||
| CVE-2014-3654 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML … | |||
| CVE-2014-3473 | medium | — | 4.3 | 12y ago | Horizon-Orchestration Cross-site scripting (XSS) vulnerability through resource name | |||
| CVE-2014-7987 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php. | |||
| CVE-2014-2336 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web scrip… |