Total
37832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2069 | 1 Woothemes | 1 Woocommerce | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php. | |||||
| CVE-2016-3978 | 1 Fortinet | 1 Fortios | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." | |||||
| CVE-2011-5317 | 1 Wondercms | 1 Wondercms | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | |||||
| CVE-2016-1000128 | 1 Anti-plagiarism Project | 1 Anti-plagiarism | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin anti-plagiarism v3.60 | |||||
| CVE-2014-5202 | 1 Compfight Project | 1 Compfight | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. | |||||
| CVE-2015-5481 | 1 Dev4press | 1 Gd Bbpress Attachments | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | |||||
| CVE-2015-4337 | 1 Xcloner | 1 Xcloner | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php. | |||||
| CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2011-5287 | 1 Hesk | 1 Hesk | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) inc/assignment_search.inc.php, (4) inc/attachments.inc.php, (5) inc/common.inc.php, (6) inc/database.inc.php, (7) inc/prepare_ticket_search.inc.php, (8) inc/print_tickets.inc.php, (9) inc/show_admin_nav.inc.php, (10) inc/show_search_form.inc.php, or (11) inc/ticket_list.inc.php; or (12) the PATH_INFO to language/en/text.php. | |||||
| CVE-2010-5322 | 1 Ajsquare | 1 Zeuscart | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php. | |||||
| CVE-2016-4058 | 1 Huawei | 1 Policy Center | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | |||||
| CVE-2014-0157 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template. | |||||
| CVE-2014-0917 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-1309 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843. | |||||
| CVE-2013-6037 | 1 Aker | 1 Secure Mail Gateway | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. | |||||
| CVE-2015-2807 | 1 Documentcloud | 1 Navis Documentcloud | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | |||||
| CVE-2015-4376 | 1 Profile2 Privacy Project | 1 Profile2 Privacy | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1421 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php. | |||||
| CVE-2015-6535 | 1 Youtube Embed Project | 1 Youtube Embed | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter). | |||||
| CVE-2014-3678 | 1 Jenkins-ci | 1 Monitoring Plugin | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||