Export limit exceeded: 363800 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363800 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 47163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8619 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8622 | 1 Compfight Project | 1 Compfight | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. | ||||
| CVE-2014-8658 | 1 Refinedwiki | 1 Refinedwiki Original Theme | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action. | ||||
| CVE-2015-8247 | 1 Synnefoims | 1 Internet Management Software | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter to packagehistory/listusagesdata. | ||||
| CVE-2014-8724 | 1 Boldgrid | 1 W3 Total Cache | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. | ||||
| CVE-2014-8732 | 1 Phpmemcachedadmin Project | 1 Phpmemcachedadmin | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8745 | 1 Drupal | 1 Custom Search Module | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label. | ||||
| CVE-2014-8747 | 1 Drupal | 1 Commons | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages. | ||||
| CVE-2014-8748 | 1 Drupal | 1 Doubleclick For Publishers | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. | ||||
| CVE-2014-8751 | 1 Goywp | 1 Webpress | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) name, (3) address, or (4) comment parameter to forms.php. | ||||
| CVE-2014-8917 | 1 Ibm | 4 Financial Transaction Manager, Financial Transaction Manager For Check Services, Financial Transaction Manager For Corporate Payment Services and 1 more | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8987 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986. | ||||
| CVE-2014-8992 | 1 Modx | 1 Modx Revolution | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | ||||
| CVE-2014-9035 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-9036 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. | ||||
| CVE-2014-9103 | 1 Kunena | 1 Kunena | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Disposition header to the (2) file or (3) profile image upload functionality. | ||||
| CVE-2014-9212 | 1 Altitude | 1 Altitude Unified Customer Interaction | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section. | ||||
| CVE-2014-9224 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-9243 | 1 Websitebaker | 1 Websitebaker | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/. | ||||
| CVE-2014-9253 | 2 Dokuwiki, Mageia | 2 Dokuwiki, Mageia | 2025-04-12 | N/A |
| The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php. | ||||