CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-3392 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
2 CVE-2015-3390 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.
3 CVE-2015-3389 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authnticated users to inject arbitrary web script or HTML via unspecified vectors.
4 CVE-2015-3387 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a (1) node or (2) taxonomy term title.
5 CVE-2015-3386 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
6 CVE-2015-3385 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link to path" field formatter.
7 CVE-2015-3384 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
8 CVE-2015-3381 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
9 CVE-2015-3376 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Quizzler module before 7-x.1.16 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
10 CVE-2015-3372 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
11 CVE-2015-3369 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block.
12 CVE-2015-3368 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a category name.
13 CVE-2015-3365 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block.
14 CVE-2015-3362 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title.
15 CVE-2015-3360 79 XSS 2015-04-21 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
16 CVE-2015-3359 79 XSS 2015-04-21 2015-04-22
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML via the (1) node title of a "Room Reservations Category" or (2) body of a "Room Reservations Room" node.
17 CVE-2015-3357 79 XSS 2015-04-21 2015-04-22
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message.
18 CVE-2015-3353 79 XSS 2015-04-21 2015-04-22
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field label in content types settings.
19 CVE-2015-3348 79 XSS 2015-04-21 2015-04-22
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
20 CVE-2015-3344 79 XSS 2015-04-21 2015-04-22
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
21 CVE-2015-2827 79 XSS 2015-04-07 2015-04-13
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
22 CVE-2015-2760 79 XSS 2015-03-27 2015-03-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
23 CVE-2015-2677 79 XSS 2015-03-23 2015-03-26
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) the cms_polls page to cms/index.php or (4) a new topic in the topics page to forum/index.php; or (5) a new PT (private topic/private message) in the topics page to forum/index.php.
24 CVE-2015-2567 2015-04-16 2015-04-17
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
25 CVE-2015-2559 284 2015-03-25 2015-04-01
3.5
None Remote Medium Single system None Partial None
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
26 CVE-2015-2289 79 XSS 2015-03-23 2015-03-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
27 CVE-2015-2197 79 XSS 2015-03-03 2015-03-04
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
28 CVE-2015-2149 79 XSS 2015-03-18 2015-03-25
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) "title to assign" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php.
29 CVE-2015-2108 200 +Info 2015-03-31 2015-04-02
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.
30 CVE-2015-2086 79 XSS 2015-02-26 2015-02-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.
31 CVE-2015-1890 200 +Info 2015-04-05 2015-04-06
3.5
None Remote Medium Single system Partial None None
/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
32 CVE-2015-1636 79 XSS 2015-03-11 2015-03-17
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
33 CVE-2015-1633 79 XSS 2015-03-11 2015-03-17
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
34 CVE-2015-1621 79 XSS 2015-02-17 2015-02-18
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
35 CVE-2015-1619 79 XSS 2015-02-17 2015-02-18
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages.
36 CVE-2015-1617 79 XSS 2015-02-17 2015-02-18
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
37 CVE-2015-1558 399 DoS 2015-02-09 2015-02-09
3.5
None Remote Medium Single system None None Partial
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.
38 CVE-2015-1451 79 XSS 2015-02-02 2015-02-19
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.
39 CVE-2015-1054 79 1 XSS 2015-01-16 2015-01-20
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.
40 CVE-2015-1044 DoS 2015-01-29 2015-02-20
3.3
None Local Network Low Not required None None Partial
vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.
41 CVE-2015-1043 20 DoS 2015-01-29 2015-02-20
3.3
None Local Network Low Not required None None Partial
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.
42 CVE-2015-1040 79 XSS 2015-01-15 2015-01-15
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view.
43 CVE-2015-1028 79 3 XSS 2015-01-21 2015-01-26
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
44 CVE-2015-0998 200 +Info 2015-03-29 2015-03-30
3.3
None Local Network Low Not required Partial None None
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
45 CVE-2015-0933 22 Dir. Trav. 2015-03-03 2015-03-04
3.5
None Remote Medium Single system Partial None None
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.
46 CVE-2015-0862 79 XSS 2015-01-18 2015-01-20
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content.
47 CVE-2015-0707 79 XSS 2015-04-22 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.
48 CVE-2015-0521 79 XSS 2015-03-12 2015-03-17
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
49 CVE-2015-0513 79 XSS 2015-01-21 2015-01-27
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
50 CVE-2015-0507 2015-04-16 2015-04-17
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Total number of vulnerabilities : 1564   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.