NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年7月5日10:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
244001	4.3	MEDIUM	webengage_project	webengage	Cross-site scripting (XSS) vulnerability in resize.php in the WebEngage plugin before 2.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the height parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4574	2014-07-12 02:53	2014-07-3	表示	GitHub Exploit DB Packet Storm

244002	4.3	MEDIUM	keyword_strategy_internal_links_project	keyword_strategy_internal_links	Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML v…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4537	2014-07-12 02:37	2014-07-3	表示	GitHub Exploit DB Packet Storm

244003	4.3	MEDIUM	wordpress_social_login_project	wordpress_social_login	Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTM…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4576	2014-07-12 02:37	2014-07-3	表示	GitHub Exploit DB Packet Storm

244004	4.3	MEDIUM	oleggo_livestream_project	oleggo_livestream	Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_login_form.php in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress allows remote attackers to inject arbitrary web scrip…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4540	2014-07-12 02:35	2014-07-3	表示	GitHub Exploit DB Packet Storm

244005	4.3	MEDIUM	omfg_mobile_project	omfg_mobile	Cross-site scripting (XSS) vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitra…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4541	2014-07-12 02:35	2014-07-3	表示	GitHub Exploit DB Packet Storm

244006	4.3	MEDIUM	ooorl_project	ooorl	Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4542	2014-07-12 02:33	2014-07-3	表示	GitHub Exploit DB Packet Storm

244007	4.3	MEDIUM	wp_social_invitations_project	wp_social_invitations	Cross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 1.4.4.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl par…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4597	2014-07-12 02:33	2014-07-3	表示	GitHub Exploit DB Packet Storm

244008	4.3	MEDIUM	rezgo	online_booking	Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web sc…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4547	2014-07-12 02:31	2014-07-3	表示	GitHub Exploit DB Packet Storm

244009	4.3	MEDIUM	wp_picasa_image_project	wp_picasa_image	Cross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_i…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4591	2014-07-12 02:28	2014-07-3	表示	GitHub Exploit DB Packet Storm

244010	6.9	MEDIUM	intel	c202_chipset c204_chipset c206_chipset c216_chipset mobile_intel_qm67_chipset mobile_intel_qs67_chipset q67_express_chipset qm77_chipset qs77_chipset trusted_execution_tech…	Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C20…	NVD-CWE-noinfo	CVE-2013-5740	2014-07-12 00:31	2013-09-13	表示	GitHub Exploit DB Packet Storm

244011	4.3	MEDIUM	redhat	enterprise_mrg	Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers…	CWE-200 情報漏えい	CVE-2014-0174	2014-07-12 00:23	2014-07-11	表示	GitHub Exploit DB Packet Storm

244012	4.3	MEDIUM	pnp4nagios	pnp4nagios	Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4908	2014-07-11 23:49	2014-07-11	表示	GitHub Exploit DB Packet Storm

244013	4.3	MEDIUM	polldaddy_polls_\&_ratings_plugin_project	polldaddy_polls_\&_ratings	Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ra…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4856	2014-07-11 09:49	2014-07-11	表示	GitHub Exploit DB Packet Storm

244014	4.3	MEDIUM	polylang_plugin_project	polylang	Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. N…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4855	2014-07-11 09:42	2014-07-11	表示	GitHub Exploit DB Packet Storm

244015	4.3	MEDIUM	opendocman	opendocman	Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4853	2014-07-11 09:10	2014-07-11	表示	GitHub Exploit DB Packet Storm

244016	7.5	HIGH	thedigitalcraft	atomcms	SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.	CWE-89 SQLインジェクション	CVE-2014-4852	2014-07-11 09:08	2014-07-11	表示	GitHub Exploit DB Packet Storm

244017	4.3	MEDIUM	wp_appointments_schedules_project	wp_appointments_schedules	Cross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4579	2014-07-11 03:42	2014-07-3	表示	GitHub Exploit DB Packet Storm

244018	4.3	MEDIUM	hot_files\	file_sharing_and_download_manager_project	Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to injec…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4588	2014-07-11 03:11	2014-07-3	表示	GitHub Exploit DB Packet Storm

244019	4.3	MEDIUM	wp_plugin_manager_project	wp_plugin_manager	Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4593	2014-07-11 02:54	2014-07-3	表示	GitHub Exploit DB Packet Storm

244020	5.8	MEDIUM	foecms	foecms	Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter.	NVD-CWE-Other	CVE-2014-4851	2014-07-11 02:54	2014-07-11	表示	GitHub Exploit DB Packet Storm

244021	5.8	MEDIUM	foecms	foecms	<a href="http://cwe.mitre.org/data/definitions/601.html" target="_blank">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>	NVD-CWE-Other	CVE-2014-4851	2014-07-11 02:54	2014-07-11	表示	GitHub Exploit DB Packet Storm

244022	4.3	MEDIUM	wu-rating_project	wu-rating	Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parame…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4601	2014-07-11 02:53	2014-07-3	表示	GitHub Exploit DB Packet Storm

244023	7.5	HIGH	foecms	foecms	SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter.	CWE-89 SQLインジェクション	CVE-2014-4850	2014-07-11 02:51	2014-07-11	表示	GitHub Exploit DB Packet Storm

244024	4.3	MEDIUM	foecms	foecms	Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4849	2014-07-11 02:42	2014-07-11	表示	GitHub Exploit DB Packet Storm

244025	4.3	MEDIUM	liferay	liferay_portal	Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-2963	2014-07-11 01:40	2014-07-10	表示	GitHub Exploit DB Packet Storm

244026	4.3	MEDIUM	social_connect_project	social_connect	Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the te…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4551	2014-07-11 00:39	2014-07-3	表示	GitHub Exploit DB Packet Storm

244027	4.3	MEDIUM	spotlightyour	spotlightyour	Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4552	2014-07-11 00:39	2014-07-3	表示	GitHub Exploit DB Packet Storm

244028	4.3	MEDIUM	votecount_for_balatarin_project	votecount_for_balatarin	Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) ur…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4572	2014-07-11 00:12	2014-07-3	表示	GitHub Exploit DB Packet Storm

244029	4.3	MEDIUM	walk_score_project	walk_score	Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4573	2014-07-11 00:08	2014-07-3	表示	GitHub Exploit DB Packet Storm

244030	4.3	MEDIUM	jigoshop	swipe_hq_checkout_for_jigoshop	Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for Jigoshop (swipe-hq-checkout-for-jigoshop) plugin 3.1.0 and earlier for WordPress allows remote attackers to injec…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4557	2014-07-10 23:52	2014-07-3	表示	GitHub Exploit DB Packet Storm

244031	4.3	MEDIUM	toolpage_project	toolpage	Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parame…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4560	2014-07-10 23:51	2014-07-3	表示	GitHub Exploit DB Packet Storm

244032	4.3	MEDIUM	wpcb_project	wpcb	Cross-site scripting (XSS) vulnerability in facture.php in the WPCB plugin 2.4.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4581	2014-07-10 23:51	2014-07-3	表示	GitHub Exploit DB Packet Storm

244033	4.3	MEDIUM	verweise-wordpress-twitter_project	verweise-wordpress-twitter	Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php in the "verwei.se - WordPress - Twitter" (verweise-wordpress-twitter) plugin 1.0.2 and earlier for WordPress allows remote attac…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4566	2014-07-10 23:50	2014-07-3	表示	GitHub Exploit DB Packet Storm

244034	4.3	MEDIUM	videowhisper	video_posts_webcam_recorder	Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4568	2014-07-10 23:50	2014-07-3	表示	GitHub Exploit DB Packet Storm

244035	4.3	MEDIUM	kajona	kajona	Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the syst…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4742	2014-07-10 23:05	2014-07-9	表示	GitHub Exploit DB Packet Storm

244036	7.5	HIGH	artifectx	xclassified	SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.	CWE-89 SQLインジェクション	CVE-2014-4741	2014-07-10 22:49	2014-07-9	表示	GitHub Exploit DB Packet Storm

244037	4.3	MEDIUM	wp_app_maker_project	wp_app_maker	Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTM…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4578	2014-07-10 04:00	2014-07-3	表示	GitHub Exploit DB Packet Storm

244038	4.3	MEDIUM	wp_blipbot_project	wp_blipbot	Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4580	2014-07-10 04:00	2014-07-3	表示	GitHub Exploit DB Packet Storm

244039	4.3	MEDIUM	wp_microblogs_project	wp_microblogs	Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier p…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4590	2014-07-10 03:59	2014-07-3	表示	GitHub Exploit DB Packet Storm

244040	4.3	MEDIUM	wp_consultant_project	wp_consultant	Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via t…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4582	2014-07-10 03:55	2014-07-3	表示	GitHub Exploit DB Packet Storm

244041	4.3	MEDIUM	wp_restful_project	wp_restful	Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback par…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4595	2014-07-10 03:53	2014-07-3	表示	GitHub Exploit DB Packet Storm

244042	4.3	MEDIUM	wp-business_directory_project	wp-business_directory	Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary we…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4599	2014-07-10 03:51	2014-07-3	表示	GitHub Exploit DB Packet Storm

244043	4.3	MEDIUM	wp_ultimate_email_marketer_project	wp_ultimate_email_marketer	Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4600	2014-07-10 03:51	2014-07-3	表示	GitHub Exploit DB Packet Storm

244044	4.3	MEDIUM	your-text-manager_project	your-text-manager	Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4604	2014-07-10 03:49	2014-07-3	表示	GitHub Exploit DB Packet Storm

244045	4.3	MEDIUM	zdstatistics_project	zdstatistics	Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStatistics (zdstats) plugin 2.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the la…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4605	2014-07-10 03:48	2014-07-3	表示	GitHub Exploit DB Packet Storm

244046	4.3	MEDIUM	zeenshare_project	zeenshare	Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the zs…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4606	2014-07-10 03:45	2014-07-3	表示	GitHub Exploit DB Packet Storm

244047	4.3	MEDIUM	rezgo_project	rezgo	Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the response parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4546	2014-07-10 03:42	2014-07-3	表示	GitHub Exploit DB Packet Storm

244048	4.3	MEDIUM	style_it_project	style_it	Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parame…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4555	2014-07-10 03:42	2014-07-3	表示	GitHub Exploit DB Packet Storm

244049	4.3	MEDIUM	html5_video_player_with_playlist_plugin_project	html5_video_player_with_playlist_plugin	Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitra…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4534	2014-07-10 03:39	2014-07-3	表示	GitHub Exploit DB Packet Storm

244050	6.8	MEDIUM	piwigo	piwigo	Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUse…	CWE-352 同一生成元ポリシー違反	CVE-2014-4614	2014-07-10 03:37	2014-07-3	表示	GitHub Exploit DB Packet Storm