Export limit exceeded: 45420 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45420 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-10065 | 1 Remarkable Project | 1 Remarkable | 2024-11-21 | N/A |
| Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content. | ||||
| CVE-2014-0883 | 1 Ibm | 1 Power Hardware Management Console | 2024-11-21 | N/A |
| IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163. | ||||
| CVE-2014-0234 | 1 Redhat | 1 Openshift | 2024-11-21 | 9.8 Critical |
| The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. | ||||
| CVE-2014-0183 | 1 Redhat | 1 Subscription Asset Manager | 2024-11-21 | 6.1 Medium |
| Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. | ||||
| CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2024-11-21 | 9.8 Critical |
| mcollective has a default password set at install | ||||
| CVE-2014-0014 | 1 Emberjs | 1 Ember.js | 2024-11-21 | N/A |
| Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload. | ||||
| CVE-2014-0013 | 1 Emberjs | 1 Ember.js | 2024-11-21 | N/A |
| Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable. | ||||
| CVE-2013-7486 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | ||||
| CVE-2013-7485 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | ||||
| CVE-2013-7482 | 1 Reflex Gallery Project | 1 Reflex Gallery | 2024-11-21 | N/A |
| The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | ||||
| CVE-2013-7481 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | N/A |
| The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | ||||
| CVE-2013-7480 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | ||||
| CVE-2013-7479 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | ||||
| CVE-2013-7478 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | ||||
| CVE-2013-7477 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | ||||
| CVE-2013-7475 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | N/A |
| The contact-form-plugin plugin before 3.52 for WordPress has XSS. | ||||
| CVE-2013-7474 | 1 Windu | 1 Windu Cms | 2024-11-21 | N/A |
| Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | ||||
| CVE-2013-7472 | 1 Count Per Day Project | 1 Count Per Day | 2024-11-21 | N/A |
| The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter. | ||||
| CVE-2013-7467 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | N/A |
| Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. | ||||
| CVE-2013-7371 | 2 Debian, Sencha | 2 Debian Linux, Connect | 2024-11-21 | 6.1 Medium |
| node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | ||||