CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6301 CVE-2015-4457 79 XSS 2019-11-26 2019-12-02
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
6302 CVE-2015-4427 79 XSS 2015-06-09 2018-10-09
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.
6303 CVE-2015-4395 200 +Info 2015-06-15 2016-06-09
3.5
None Remote Medium ??? Partial None None
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
6304 CVE-2015-4392 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings.
6305 CVE-2015-4384 79 XSS 2015-06-15 2019-06-18
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Checkout Pane module 6.x-3.x before 6.x-3.10 and 7.x-3.x before 7.x-3.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
6306 CVE-2015-4381 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice" content type.
6307 CVE-2015-4380 79 XSS 2015-06-15 2015-08-13
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
6308 CVE-2015-4376 79 XSS 2015-06-15 2015-08-13
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors.
6309 CVE-2015-4374 79 XSS 2015-06-16 2015-06-26
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email.
6310 CVE-2015-4373 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group.
6311 CVE-2015-4372 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
6312 CVE-2015-4370 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
6313 CVE-2015-4369 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors.
6314 CVE-2015-4367 79 XSS 2015-06-15 2015-06-26
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content.
6315 CVE-2015-4366 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
6316 CVE-2015-4365 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
6317 CVE-2015-4359 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via unspecified vectors.
6318 CVE-2015-4358 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
6319 CVE-2015-4357 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block.
6320 CVE-2015-4356 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.
6321 CVE-2015-4354 79 XSS 2015-06-15 2015-06-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
6322 CVE-2015-4337 79 XSS 2015-06-17 2015-06-18
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.
6323 CVE-2015-4331 264 Bypass 2015-08-22 2017-01-04
3.5
None Remote Medium ??? Partial None None
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958.
6324 CVE-2015-4231 264 Bypass 2015-07-03 2016-12-28
3.6
None Local Low Not required None Partial Partial
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
6325 CVE-2015-4156 59 2015-06-02 2018-10-30
3.6
None Local Low Not required None Partial Partial
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
6326 CVE-2015-4155 59 2015-06-02 2016-12-07
3.6
None Local Low Not required None Partial Partial
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
6327 CVE-2015-4139 79 XSS 2015-06-18 2015-06-19
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php.
6328 CVE-2015-4132 79 XSS 2015-05-28 2016-12-06
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.
6329 CVE-2015-4078 200 +Info 2017-03-23 2017-03-28
3.5
None Remote Medium ??? Partial None None
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
6330 CVE-2015-4072 79 XSS 2017-09-20 2017-09-22
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
6331 CVE-2015-4065 79 XSS 2015-05-27 2015-05-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.
6332 CVE-2015-4063 79 XSS 2015-05-27 2015-05-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
6333 CVE-2015-4039 79 XSS Bypass 2020-01-06 2020-01-13
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2.
6334 CVE-2015-4033 200 +Info 2015-07-06 2019-07-03
3.3
None Local Network Low Not required Partial None None
Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000.
6335 CVE-2015-3988 79 XSS 2015-05-19 2016-12-24
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.
6336 CVE-2015-3976 79 XSS 2017-08-28 2017-09-06
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.
6337 CVE-2015-3961 399 DoS Mem. Corr. 2015-08-04 2016-12-06
3.5
None Remote Medium ??? None None Partial
The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL.
6338 CVE-2015-3948 79 XSS 2016-01-15 2016-01-20
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
6339 CVE-2015-3921 79 XSS 2015-05-27 2016-12-31
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
6340 CVE-2015-3787 20 DoS 2015-08-16 2017-09-21
3.3
None Local Network Low Not required None None Partial
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
6341 CVE-2015-3778 200 +Info 2015-08-16 2016-12-24
3.3
None Local Network Low Not required Partial None None
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
6342 CVE-2015-3631 264 2015-05-18 2018-08-13
3.6
None Local Low Not required None Partial Partial
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
6343 CVE-2015-3619 79 XSS 2018-02-06 2018-02-26
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company."
6344 CVE-2015-3615 79 XSS 2017-08-11 2017-08-26
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
6345 CVE-2015-3612 79 XSS 2020-02-04 2020-02-05
3.5
None Remote Medium ??? None Partial None
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
6346 CVE-2015-3443 79 XSS 2015-07-02 2018-10-09
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.
6347 CVE-2015-3400 200 +Info 2017-10-18 2017-11-08
3.5
None Remote Medium ??? Partial None None
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
6348 CVE-2015-3392 79 XSS 2015-04-21 2017-09-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
6349 CVE-2015-3390 79 XSS 2015-04-21 2017-09-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.
6350 CVE-2015-3389 79 XSS 2015-04-21 2017-09-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.