Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.
Max CVSS
3.5
EPSS Score
0.08%
Published
2014-03-29
Updated
2015-07-24
Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-03-24
Updated
2022-12-02
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
Max CVSS
4.3
EPSS Score
1.02%
Published
2014-03-24
Updated
2014-03-24
Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.
Max CVSS
3.5
EPSS Score
0.09%
Published
2014-03-24
Updated
2020-12-01
Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-03-25
Updated
2015-10-08
Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/.
Max CVSS
6.1
EPSS Score
0.34%
Published
2014-03-25
Updated
2021-05-27
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.23%
Published
2014-03-27
Updated
2018-10-30
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-03-14
Updated
2014-03-26
Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-03-09
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
3.5
EPSS Score
0.09%
Published
2014-03-14
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-03-20
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.26%
Published
2014-03-16
Updated
2020-02-10
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.
Max CVSS
4.3
EPSS Score
0.39%
Published
2014-03-02
Updated
2015-08-07
includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.
Max CVSS
4.3
EPSS Score
0.57%
Published
2014-03-02
Updated
2016-04-04
Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.
Max CVSS
4.3
EPSS Score
0.27%
Published
2014-03-05
Updated
2015-07-30
Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form.
Max CVSS
4.3
EPSS Score
0.27%
Published
2014-03-05
Updated
2015-07-30
Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.
Max CVSS
4.3
EPSS Score
0.18%
Published
2014-03-20
Updated
2018-10-09
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-03-19
Updated
2023-08-11
Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-03-27
Updated
2015-09-16
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-03-02
Updated
2015-09-16
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
Max CVSS
4.3
EPSS Score
0.16%
Published
2014-03-02
Updated
2015-08-13
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
Max CVSS
3.5
EPSS Score
0.12%
Published
2014-03-02
Updated
2015-08-13
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
Max CVSS
3.5
EPSS Score
0.08%
Published
2014-03-02
Updated
2014-03-03
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.
Max CVSS
4.3
EPSS Score
0.45%
Published
2014-03-01
Updated
2015-07-30
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-03-20
Updated
2014-03-24
107 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!