Total
39855 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4558 | 1 Cybercompany | 1 Swipehq-payment-gateway-woocommerce | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. | ||||
| CVE-2014-4553 | 1 Spreadshirt-rss-3d-cube-flash-gallery Project | 1 Spreadshirt-rss-3d-cube-flash-gallery | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2014-4550 | 1 Visualshortcodes | 1 Ninja | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. | ||||
| CVE-2014-4548 | 1 Ruven-toolkit Project | 1 Ruven-toolkit | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter. | ||||
| CVE-2014-4544 | 1 Podcast Channels Project | 1 Podcast Channels | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php. | ||||
| CVE-2014-4539 | 1 Movies Project | 1 Movies | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. | ||||
| CVE-2014-4536 | 1 Katz | 1 Infusionsoft Gravity Forms | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. | ||||
| CVE-2014-4535 | 1 Import Legacy Media Project | 1 Import Legacy Media | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. | ||||
| CVE-2014-4530 | 1 Flog Project | 1 Flog | 2024-11-21 | 6.1 Medium |
| flog plugin 0.1 for WordPress has XSS | ||||
| CVE-2014-4525 | 1 Winwar | 1 Wp Ebay Product Feeds | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter. | ||||
| CVE-2014-4523 | 1 Easy Career Openings Project | 1 Easy Career Openings | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2014-4519 | 1 Conversador Project | 1 Conversador | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter. | ||||
| CVE-2014-4196 | 1 Bssys | 1 Rbs Bs-client | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter. | ||||
| CVE-2014-3919 | 1 Netgear | 2 Cg3100, Cg3100 Firmware | 2024-11-21 | 9.3 Critical |
| A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | ||||
| CVE-2014-3875 | 1 Ulli Horlacher | 1 Fex | 2024-11-21 | 6.1 Medium |
| The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks | ||||
| CVE-2014-3827 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php. | ||||
| CVE-2014-3826 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module. | ||||
| CVE-2014-3809 | 1 Nokia | 6 1830 Photonic Service Switch-16, 1830 Photonic Service Switch-16 Firmware, 1830 Photonic Service Switch-32 and 3 more | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. | ||||
| CVE-2014-3743 | 1 Marked Project | 1 Marked | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's. | ||||
| CVE-2014-3718 | 1 Exlibrisgroup | 1 Aleph 500 | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter. | ||||