Export limit exceeded: 328243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 42840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (42840 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9126 | 1 Open-school | 1 Open-school | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. | ||||
| CVE-2014-8944 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 5.4 Medium |
| Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | ||||
| CVE-2014-8780 | 1 Jease | 1 Jease | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note. | ||||
| CVE-2014-8674 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 5.4 Medium |
| Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code. | ||||
| CVE-2014-8597 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel. | ||||
| CVE-2014-8579 | 1 Trendnet | 2 Tew-823dru, Tew-823dru Firmware | 2024-11-21 | N/A |
| TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | ||||
| CVE-2014-8490 | 1 Tennisconnect | 1 Components | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm. | ||||
| CVE-2014-8338 | 1 Videowhisper | 1 Webcam | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | ||||
| CVE-2014-7238 | 1 Formget | 1 Contact Form Integrated With Google Maps | 2024-11-21 | 6.1 Medium |
| The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS | ||||
| CVE-2014-6617 | 1 Industrial.softing | 2 Fg-100 Pb Profibus, Fg-100 Pb Profibus Firmware | 2024-11-21 | N/A |
| Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | ||||
| CVE-2014-6604 | 1 Subscribe2 Project | 1 Subscribe2 | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. | ||||
| CVE-2014-6447 | 1 Juniper | 1 Junos | 2024-11-21 | 7.1 High |
| Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. | ||||
| CVE-2014-6420 | 1 Livefyre | 1 Livecomments | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | ||||
| CVE-2014-6413 | 1 Watchguard | 1 Fireware Xtm | 2024-11-21 | 6.1 Medium |
| A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | ||||
| CVE-2014-6169 | 1 Ibm | 1 Forms Experience Builder | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777. | ||||
| CVE-2014-6071 | 1 Jquery | 1 Jquery | 2024-11-21 | N/A |
| jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | ||||
| CVE-2014-6027 | 1 Torrentflux Project | 1 Torrentflux | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details. | ||||
| CVE-2014-5500 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 6.1 Medium |
| Synacor Zimbra Collaboration before 8.0.8 has XSS. | ||||
| CVE-2014-5434 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-11-21 | N/A |
| Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | ||||
| CVE-2014-5431 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-11-21 | N/A |
| Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. | ||||