Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-2239 |
Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231. Published: March 08, 2015; 8:59:29 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0072 |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)." Published: February 07, 2015; 2:59:07 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-6168 |
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: December 28, 2014; 9:59:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2014-6077 |
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: December 18, 2014; 11:59:01 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-3058 |
Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: December 11, 2014; 11:59:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2014-6365 |
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328. Published: December 10, 2014; 7:59:15 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-6328 |
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365. Published: December 10, 2014; 7:59:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-6326 |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325. Published: December 10, 2014; 7:59:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-6325 |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326. Published: December 10, 2014; 7:59:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4829 |
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: November 27, 2014; 9:59:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-4839 |
Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: October 29, 2014; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2014-6125 |
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: October 28, 2014; 3:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-4075 |
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability." Published: October 15, 2014; 6:55:07 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-3393 |
The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829. Published: October 10, 2014; 6:55:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-3197 |
The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. Published: October 08, 2014; 6:55:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-4816 |
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: September 23, 2014; 6:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2012-2956 |
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS. Published: September 17, 2014; 11:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2014-0562 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." Published: September 17, 2014; 6:55:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4785 |
Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: September 10, 2014; 6:55:08 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2014-4783 |
Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: September 10, 2014; 6:55:07 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |