Total
37062 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-10385 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | N/A |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | ||||
| CVE-2014-10380 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | N/A |
| The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. | ||||
| CVE-2014-10378 | 1 Duplicate Post Project | 1 Duplicate Post | 2024-11-21 | N/A |
| The duplicate-post plugin before 2.6 for WordPress has XSS. | ||||
| CVE-2014-10377 | 1 Cformsii Project | 1 Cformsii | 2024-11-21 | 6.1 Medium |
| The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | ||||
| CVE-2014-10078 | 1 Vembu | 1 Storegrid | 2024-11-21 | N/A |
| Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. | ||||
| CVE-2014-10065 | 1 Remarkable Project | 1 Remarkable | 2024-11-21 | N/A |
| Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content. | ||||
| CVE-2014-0883 | 1 Ibm | 1 Power Hardware Management Console | 2024-11-21 | N/A |
| IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163. | ||||
| CVE-2014-0183 | 1 Redhat | 1 Subscription Asset Manager | 2024-11-21 | 6.1 Medium |
| Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. | ||||
| CVE-2014-0014 | 1 Emberjs | 1 Ember.js | 2024-11-21 | N/A |
| Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload. | ||||
| CVE-2014-0013 | 1 Emberjs | 1 Ember.js | 2024-11-21 | N/A |
| Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable. | ||||
| CVE-2013-7486 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | ||||
| CVE-2013-7485 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | ||||
| CVE-2013-7482 | 1 Reflex Gallery Project | 1 Reflex Gallery | 2024-11-21 | N/A |
| The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | ||||
| CVE-2013-7481 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | N/A |
| The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | ||||
| CVE-2013-7480 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | ||||
| CVE-2013-7479 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | ||||
| CVE-2013-7478 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | ||||
| CVE-2013-7477 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | ||||
| CVE-2013-7475 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | N/A |
| The contact-form-plugin plugin before 3.52 for WordPress has XSS. | ||||
| CVE-2013-7474 | 1 Windu | 1 Windu Cms | 2024-11-21 | N/A |
| Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | ||||