Search Results (47297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7129 1 Themebeans 1 Blooog Theme 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf.
CVE-2013-7141 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.
CVE-2013-7142 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.
CVE-2013-7143 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.
CVE-2013-7257 1 Codiad 1 Codiad 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field.
CVE-2013-7258 1 Web2ldap 1 Web2ldap 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI."
CVE-2010-0541 2 Apple, Redhat 3 Mac Os X, Mac Os X Server, Enterprise Linux 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.
CVE-2013-7276 2 Recommend To A Friend Project, Wordpress 2 Recommend To A Friend, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter.
CVE-2013-7277 1 Aphpkb 1 Aphpkb 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.
CVE-2013-7279 2 Anthony Mills, Wordpress 2 S3 Video, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter.
CVE-2013-7288 1 Mybb 1 Mybb 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.
CVE-2014-0081 4 Opensuse, Opensuse Project, Redhat and 1 more 8 Opensuse, Opensuse, Cloudforms and 5 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
CVE-2012-2984 1 Websense 1 Websense Content Content Gateway 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter.
CVE-2014-0668 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.
CVE-2014-0670 1 Cisco 1 Mediasense 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.
CVE-2014-0673 1 Cisco 1 Video Surveillance Indoor Fixed Dome Ip Hd Camera 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.
CVE-2014-0680 1 Cisco 1 Identity Services Engine 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.
CVE-2014-0681 1 Cisco 1 Identity Services Engine Software 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.
CVE-2014-0723 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
CVE-2014-0735 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.