Filtered by CWE-79
Total 45574 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-4187 1 Clip-bucket 1 Clipbucket 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field.
CVE-2014-4189 1 Hitachi 2 Jp1\/performance Management-manager Web Option, Tuning Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4301 1 Ajenti 1 Ajenti 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.
CVE-2014-4302 1 Ham3d 1 Ham3d Shop Engine 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
CVE-2014-4303 1 Drupac 1 Touch 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the (1) Twitter and (2) Facebook username settings.
CVE-2014-4304 1 Sqlbuddy 1 Sql Buddy 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter.
CVE-2014-4515 1 Anyfont Plugin Project 1 Anyfont 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.
CVE-2014-4516 1 Bic Media Widget Plugin 1 Bic Media Widget 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.
CVE-2014-4517 1 Cbi Referral Manager Project 1 Cbi Referral Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter.
CVE-2014-4518 1 D-coda 1 Contactme 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter.
CVE-2014-4520 1 Dmca 1 Dmca Watermarker 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter.
CVE-2014-4521 1 Diversesolutions 1 Dsidxpress Idx Plugin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2014-4534 2 Html5 Video Player With Playlist Plugin Project, Wordpress 2 Html5 Video Player With Playlist Plugin, Wordpress 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter.
CVE-2014-4537 1 Keyword Strategy Internal Links Project 1 Keyword Strategy Internal Links 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir parameter.
CVE-2014-4538 1 Malware Finder Plugin Project 1 Malware Finder 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2014-4540 1 Oleggo Livestream Project 1 Oleggo Livestream 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_login_form.php in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2014-4551 1 Social Connect Project 1 Social Connect 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter.
CVE-2014-4552 1 Spotlightyour 1 Spotlightyour 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter.
CVE-2014-4554 1 Ss Downloads Project 1 Ss Downloads 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2014-4555 1 Style It Project 1 Style It 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.