Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4871 1 Netcommwireless 2 Nb604n, Nb604n Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.
CVE-2014-3135 1 Vbulletin 1 Vbulletin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore.
CVE-2014-1648 1 Symantec 1 Messaging Gateway 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.
CVE-2014-9094 1 Digitalzoomstudio 1 Video Gallery 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
CVE-2015-4139 1 Wp Smiley Project 1 Wp Smiley 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php.
CVE-2014-3147 1 Splunk 1 Splunk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.
CVE-2015-4132 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4856 1 Polldaddy Polls \& Ratings Plugin Project 1 Polldaddy Polls \& Ratings 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information.
CVE-2016-4618 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
CVE-2014-4855 1 Polylang Plugin Project 1 Polylang 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.
CVE-2014-4854 1 Smartcatdesign 1 Wp Contruction Mode 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php.
CVE-2014-4849 1 Foecms 1 Foecms 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter.
CVE-2014-4847 1 Buffercode 1 Random Banner 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php.
CVE-2014-4845 1 Stillbreathing 1 Bannerman 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php.
CVE-2015-5063 1 Silverstripe 1 Silverstripe 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
CVE-2015-5066 1 Metalgenix 1 Genixcms 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.
CVE-2015-5519 1 Wideimage Project 1 Wideimage 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php.
CVE-2014-9743 1 Videolan 1 Vlc Media Player 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
CVE-2015-6919 1 Googlesearch Project 1 Googlesearch 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php.
CVE-2014-4838 1 Ibm 1 Tririga Application Platform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.