Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5337 1 Moodle 1 Moodle 2025-04-12 N/A
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file.
CVE-2014-4594 1 Wordpress Responsive Preview Project 1 Wordpress Responsive Preview 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2014-4589 1 Wp Silverlight Media Player Project 1 Wp Silverlight Media Player 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
CVE-2014-4588 1 Hot Files\ 1 File Sharing And Download Manager Project 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter.
CVE-2014-4587 1 Wp Guestmap Project 1 Wp Guestmap Project 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.
CVE-2014-4600 2 Wordpress, Wp Ultimate Email Marketer Project 2 Wordpress, Wp Ultimate Email Marketer 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter.
CVE-2014-4586 1 Wp-football Project 1 Wp-football 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an "action" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php.
CVE-2014-4583 1 Wp-contact Plugin Project 1 Wp-contact-sidebar-widget 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) order_direction, (3) limit_start, (4) id, or (5) order parameter.
CVE-2014-4603 2 Wordpress, Yahoo\! Updates For Wordpress Plugin Project 2 Wordpress, Yahoo\! Updates For Wordpress Plugin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter.
CVE-2014-4582 1 Wp Consultant Project 1 Wp Consultant 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter.
CVE-2014-4606 1 Zeenshare Project 1 Zeenshare 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the zs_sid parameter.
CVE-2016-0387 1 Ibm 1 Tririga Application Platform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.
CVE-2014-4580 1 Wp Blipbot Project 1 Wp Blipbot 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID parameter.
CVE-2014-4579 1 Wp Appointments Schedules Project 1 Wp Appointments Schedules 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2014-4575 1 Wikipop Plugin Project 1 Wikipop 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2014-7182 1 Codecabin 1 Wp Go Maps 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.
CVE-2014-4572 1 Votecount For Balatarin Project 1 Votecount For Balatarin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter.
CVE-2014-4571 1 Vn-calendar Project 1 Vn-calendar 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.
CVE-2014-4569 1 Videowhisper 1 Videowhisper Live Streaming Integration 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.
CVE-2014-4694 2 Netgate, Pfsense 2 Pfsense, Suricata Package 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables.