Skip to main content
CVE-2014-5276 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Text Chat Rooms
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.8%
CVE-2014-5025 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Debian Linux Opensuse Cacti
NVD
CVSS 2.0
3.5
EPSS
0.5%
CVE-2014-5026 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Debian Linux Cacti Opensuse
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-8330 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-5169 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Date
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-5449 LOW Monitor

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webaccess Webapp
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-5448 LOW Monitor

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zarafa
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-5447 LOW Monitor

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

PHP Information Disclosure Webapp Zarafa
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy