Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363801 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4511 | 1 Gitlist | 1 Gitlist | 2025-04-12 | N/A |
| Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/. | ||||
| CVE-2014-4513 | 1 Activehelper | 1 Activehelper Livehelp Live Chat | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter. | ||||
| CVE-2014-4514 | 1 Alipay Project | 1 Alipay | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function. | ||||
| CVE-2014-4515 | 1 Anyfont Plugin Project | 1 Anyfont | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter. | ||||
| CVE-2014-4516 | 1 Bic Media Widget Plugin | 1 Bic Media Widget | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter. | ||||
| CVE-2014-4517 | 1 Cbi Referral Manager Project | 1 Cbi Referral Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter. | ||||
| CVE-2014-4518 | 1 D-coda | 1 Contactme | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter. | ||||
| CVE-2014-4520 | 1 Dmca | 1 Dmca Watermarker | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter. | ||||
| CVE-2014-4521 | 1 Diversesolutions | 1 Dsidxpress Idx Plugin | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2014-4522 | 1 Dssearchagent Project | 1 Dssearchagent | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in client-assist.php in the dsSearchAgent: WordPress Edition plugin 1.0-beta10 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2014-4524 | 1 Wp Easy Post Types Project | 1 Wp Easy Post Types | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in classes/custom-image/media.php in the WP Easy Post Types plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ref parameter. | ||||
| CVE-2014-4526 | 1 Efence Project | 1 Efence | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter. | ||||
| CVE-2014-4527 | 1 Envialosimple | 1 Email Marketing Y Newsletters | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter. | ||||
| CVE-2014-4528 | 1 Fbpromotions Project | 1 Fbpromotions | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter. | ||||
| CVE-2014-4529 | 2 Flash Photo Gallery Project, Wordpress | 2 Flash Photo Gallery, Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. | ||||
| CVE-2014-4531 | 1 Game Tabs Project | 1 Game Tabs | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter. | ||||
| CVE-2014-4532 | 1 Garagesale Project | 1 Garagesale | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the GarageSale plugin before 1.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2014-4533 | 1 Geo Redirector Plugin Project | 1 Geo Redirector | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_id parameter. | ||||
| CVE-2014-4534 | 2 Html5 Video Player With Playlist Plugin Project, Wordpress | 2 Html5 Video Player With Playlist Plugin, Wordpress | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter. | ||||
| CVE-2014-4537 | 1 Keyword Strategy Internal Links Project | 1 Keyword Strategy Internal Links | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir parameter. | ||||