CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-5061 79 XSS 2015-06-24 2015-06-24
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
2 CVE-2015-4608 79 XSS 2015-06-16 2015-06-17
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3 CVE-2015-4427 79 XSS 2015-06-09 2015-06-10
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.
4 CVE-2015-4395 200 +Info 2015-06-15 2015-06-16
3.5
None Remote Medium Single system Partial None None
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
5 CVE-2015-4392 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings.
6 CVE-2015-4384 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Checkout Pane module 6.x-3.x before 6.x-3.10 and 7.x-3.x before 7.x-3.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
7 CVE-2015-4381 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice" content type.
8 CVE-2015-4380 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
9 CVE-2015-4376 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors.
10 CVE-2015-4374 79 XSS 2015-06-16 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email.
11 CVE-2015-4373 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group.
12 CVE-2015-4372 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
13 CVE-2015-4370 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
14 CVE-2015-4369 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors.
15 CVE-2015-4367 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content.
16 CVE-2015-4366 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
17 CVE-2015-4365 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
18 CVE-2015-4359 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via unspecified vectors.
19 CVE-2015-4358 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
20 CVE-2015-4357 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block.
21 CVE-2015-4356 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.
22 CVE-2015-4354 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
23 CVE-2015-4337 79 XSS 2015-06-17 2015-06-18
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.
24 CVE-2015-4156 59 2015-06-02 2015-06-03
3.6
None Local Low Not required None Partial Partial
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
25 CVE-2015-4155 59 2015-06-02 2015-06-03
3.6
None Local Low Not required None Partial Partial
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
26 CVE-2015-4139 79 XSS 2015-06-18 2015-06-19
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php.
27 CVE-2015-4132 79 XSS 2015-05-28 2015-05-29
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.
28 CVE-2015-4065 79 XSS 2015-05-27 2015-05-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.
29 CVE-2015-4063 79 XSS 2015-05-27 2015-05-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
30 CVE-2015-3988 79 XSS 2015-05-19 2015-05-20
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.
31 CVE-2015-3921 79 XSS 2015-05-27 2015-05-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
32 CVE-2015-3631 264 2015-05-18 2015-05-19
3.6
None Local Low Not required None Partial Partial
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
33 CVE-2015-3392 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
34 CVE-2015-3390 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.
35 CVE-2015-3389 79 XSS 2015-04-21 2015-04-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
36 CVE-2015-3387 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a (1) node or (2) taxonomy term title.
37 CVE-2015-3386 79 XSS 2015-04-21 2015-05-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
38 CVE-2015-3385 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link to path" field formatter.
39 CVE-2015-3384 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
40 CVE-2015-3381 79 XSS 2015-04-21 2015-05-19
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
41 CVE-2015-3376 79 XSS 2015-04-21 2015-05-04
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Quizzler module before 7-x.1.16 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
42 CVE-2015-3372 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
43 CVE-2015-3369 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block.
44 CVE-2015-3368 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a category name.
45 CVE-2015-3365 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block.
46 CVE-2015-3362 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title.
47 CVE-2015-3360 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
48 CVE-2015-3359 79 XSS 2015-04-21 2015-04-22
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML via the (1) node title of a "Room Reservations Category" or (2) body of a "Room Reservations Room" node.
49 CVE-2015-3357 79 XSS 2015-04-21 2015-04-22
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message.
50 CVE-2015-3353 79 XSS 2015-04-21 2015-04-22
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field label in content types settings.
Total number of vulnerabilities : 1620   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.