Search Results (47129 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0913 1 Kozos 1 Easyctf 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0915 1 Rakus 1 Maildealer 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.
CVE-2014-2244 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.
CVE-2015-7775 1 Cybozu 1 Garoon 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.
CVE-2014-5316 1 Dotclear 1 Dotclear 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.
CVE-2014-5466 1 Splunk 1 Splunk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7604 1 Splunk 1 Splunk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7797 1 Cybozu 1 Office 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
CVE-2014-6096 1 Ibm 1 Security Identity Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-7138 1 Google Calendar Events Project 1 Google Calendar Events 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.
CVE-2014-7139 1 Cfdbplugin 1 Contact Form Db 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php.
CVE-2014-7151 1 Nex-forms Lite Project 1 Nex-forms Lite 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.
CVE-2014-7157 1 Exinda 1 Wan Optimization Suite 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch.
CVE-2014-7183 1 Litecart 1 Litecart 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
CVE-2014-7258 1 Kent-web 1 Clip Board 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7261 1 Ultrapop 1 I-httpd 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than CVE-2014-7263.
CVE-2014-7262 1 Ultrapop 1 I-httpd 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string.
CVE-2014-7265 1 Linpha 1 Linpha 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7268 1 Ricksoft 1 Wbs Gantt-chart 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267.
CVE-2014-7290 1 Atlas Systems 1 Aeon 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll.