Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-03-04 | CVE-2014-0846 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-03-04 | CVE-2014-0844 | Information Disclosure vulnerability in IBM products Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors. network ibm | 3.5 |
2014-03-03 | CVE-2014-2040 | Cross-Site Scripting vulnerability in Jordy Meow Media File Renamer 1.7.0 Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file. | 2.1 |
2014-03-03 | CVE-2013-6493 | Information Exposure vulnerability in Redhat Icedtea-Web The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. | 2.1 |
2014-03-02 | CVE-2014-2091 | Cross-Site Scripting vulnerability in Atutor 2.1.1 Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. | 3.5 |
2014-03-02 | CVE-2014-2090 | Cross-Site Scripting vulnerability in Ilias 4.4.1 Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter. | 3.5 |
2014-03-02 | CVE-2014-0334 | Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092. | 3.5 |
2014-03-01 | CVE-2014-2067 | Cross-Site Scripting vulnerability in Jenkins Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." | 3.5 |
2014-02-28 | CVE-2014-0874 | Cross-Site Scripting vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.2 Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. | 3.5 |
2014-02-27 | CVE-2014-0858 | Permissions, Privileges, and Access Controls vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.2 IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. | 3.5 |