500 internal server error vamshop

Yes, I get a 500 internal server error. Trying other relative urls gives Based on your error you're expecting processwire to be here. 489, Keep hackers out of your server, Niccoholos, borovik.ova0, Hi dear site owner, If you received this 500, Make your money work for you all day long. All Asia 48 countries there are 14662004 websites – $500 found your web site, I really found you by error, while I was browsing on Bing.

MEET THE SOCIAL MEDIA ADMIN AND AMBASSADOR

Social Media Ambassador and Admin

Believe it or not, work motivation matters. After all, when you are motivated, trust me, you will enjoy working…

No matter how heavy the work or task entrusted to you by your superior at your workplace. To stay enthusiastic about doing a job, you first have to love the job you do. Yes… a person will always be enthusiastic about working even when the work is not easy…

Name: Slamet Sisyono, a civil servant (ASN) on the staff of Kec. Kedungkandang. I happen to have been entrusted by my superior (the Camat) as
Website Admin as well as Social Media Ambassador & Admin:
🔹IG,
🔹FB,
🔹Twitter

🌐 Kec. Kedungkandang website
🌐 Personal website

#AdmindanDutaMedsosKotaMalang
@kec_kedungkandang
@kominfomalang
@pemkotmalang
#adminmedsos @kelurahanarjowinangun
#adminmedsos @kelbumiayu
#adminmedsos @buringkelurahan
#adminmedsos @kelurahancemorokandang
#adminmedsos @kelurahanlesanpuro
#adminmedsos @kel_madyopuro
#adminmedsos @sawojajarkelurahan
#adminmedsos @kelurahanmergosono
#adminmedsos @kelurahankotalama
#adminmedsos @kelurahantlogowaru
#adminmedsos @kelwonokoyo
#adminmedsos @kelkedungkandang_malangkota
.

2021-04-20

keckedungkandang

5 tips to make your semi-jewelry last longer

Semi-jewelry can be as sophisticated as fine jewelry, but the best thing about this option is a price that fits the budget, which makes it easier to own a variety of earrings, necklaces and rings.

Before going on, it is worth noting that semi-jewelry sits between fine jewelry and costume jewelry. It is more resistant than costume jewelry and needs to be well cared for to last, and it is also important to stress that semi-jewelry is not made for continuous wear, unlike wedding rings, for example. These are delicate adornments that need specific care to stay in good condition.

  1. Avoid contact with chemical products. The 18k gold on semi-jewelry is plating, not a solid gold piece. …
  2. Do not apply perfume while wearing the piece. …
  3. Clean with neutral soap and water. …
  4. Polish with a flannel cloth. …
  5. Store with care

Source: https://blog.franciscajoias.com.br/aumentar-durabilidade-semi-joias/

Clinical Neurodynamics is a diagnostic approach that uses a specific sequence of movements to place a load on the neural structures while observing the type of response produced. It is especially important whether the imposed load is able to reproduce the patient's symptoms. The sole role of this approach for diagnostic purposes is therefore to check whether these structures are sensitized to these events. It is important to note that producing mechanosensitivity is normal, and that it is important to observe what happens in the contralateral limb for comparison.

On the therapeutic side, to the extent that we can modify the patient's symptoms by adjusting the form/sequence/load with which the Neurodynamic Tests were performed, these movements, which must be performed painlessly, allow a process of graded exposure/graded activity that will help improve the physiology of these structures and their consequent desensitization.

Recognition of the red and yellow flags that may hinder or prevent the Neurodynamic assessment and its therapeutic actions must be considered during the initial anamnesis.

This makes clear the value of Clinical Neurodynamics within Osteopathic thinking on health care through the integration of the different organ systems, set within the framework of the Biopsychosocial Model.

Thin hair causes a lot of trouble. It is hard to give it volume, it gets dirty quickly and looks lifeless. People with thin, weak hair are always trying to learn the secret of lush, luxuriant hair…

We present a restorative balm that strengthens the hair and enriches it with many nourishing ingredients.

Balm for lush, luxuriant hair

Ingredients

  • 1 small banana
  • 1 egg yolk
  • 1 tablespoon of honey
  • ½ cup of beer

How to use

Mix all the ingredients with a blender or mixer and apply the resulting mixture to washed, damp hair.

Put on a cellophane cap, then wrap your head in a warm scarf or towel and leave it like that for about two hours.

Then rinse with warm water.

Using this balm once a week is enough, and your thin hair will turn into lush, luxuriant hair.

5 Lessons I Learned By Being Nice To A Mean Lady

I am a volunteer responder for a crisis center phone line. This is a story of trying my best to remain patient when a caller is mean without a comprehensible reason.

8 pm on a Friday evening. I picked up the phone and asked, “Hello! How are you doing today?” My normal greeting in my neutral tone.

“This is a distress line. How do you think people who call are doing?” A not-so-normal response.

Read people from the first hello. Be present to what their tone sounds like. Are they smiling and in a good mood? You can tell by the first hello if you are present.

Lesson 1

“Oh! I’m sorry I asked you that question. Do you want to tell me about what’s going on with you?”

She was 70 years. Her nurses weren’t helping her as she thought fit. But she couldn’t fire them as well, because she had no one else to hire. She reminded me of my stubborn but beloved grandma, who turned blind the latter half of her life and did not get along with the help she had.

“I see that you’re really frustrated here and you’re feeling trapped.” My empathy statement to validate her struggle.

“Are you on your coffee break? You seem so disinterested in what I’m saying.”

Where did that come from?

“No, I’m not on my coffee break. I just started my shift here. I’m sorry you felt that I was not interested. I am listening to you,” I responded after recovering.

She insisted that I was disinterested.

“I assure you that I’m interested in what you have to say. Maybe it’s just how I talk, and you felt that way. I’m sorry about it,” I smiled, alluding to my passive baritone, self-advocated to be soothing when answering calls from distressed callers.

“What’s funny?”

No rapport-building with her. I was at a loss of what to say. “Nothing is funny. I’m sorry I smiled at my own voice - the fact that it sounded disinterested and passive even when I’m interested,” was all I could manage. Thirty-five-year-old me went back to kneeling in front of the school principal as a thirteen-year-old.

Never laugh or smile when someone is aggravated. Although my intentions were pure, the caller probably got even more annoyed.

Lesson 2

“What would you like to talk about today? Would you like to explore the problem you’re facing or do you want to look for possible solutions?” I made one last feeble attempt to get us back on track so I can try to de-escalate her.

“I told you very clearly what my problem is at the beginning. I don’t know how else to explain this to you.” She was adamant to make me work for my volunteer hours.

“So are you living in a facility or your home?” I tried to steer her towards a positive zone and build a productive conversation.

“Isn’t it obvious where I live by what I said before? I said I hired my own nurses. Can I do that at a nursing home facility?” She wasn’t going to let me win.

“I’m sorry it wasn’t that obvious to me. So these helpers that you have..”

“My helpers?” It was her turn to laugh now. With a hint of sarcasm. 

Some people can be mean when they are escalated. But you have to remember that they are taking a dig at you so they can feel powerful. Meaning, they are feeling disempowered.

Lesson 3

I had confused my second language when ambushed by such venomous anger by using an abnormal word. “I’m sorry I haven’t been able to help you the way you wanted today. I suggest you call back and try to connect with someone else who may be able to help you better.” I finally let her go.

Sometimes, you’ve got to let them go. Take a timeout if you feel like you’re going in circles. Else, she might have seen me get edgier too.

Lesson 4

I held on for so long only because I felt she needed to let out some steam and there was no one else she could take it out on. Her ‘helpers’ would have left if she did. As a volunteer distress center responder looking to stretch my empathy muscle, it was my duty to give her chance after chance.

I hope she felt at least mildly better after the call. I did because I was able to remove my crown of ego and keep it beside me on my chair, even for the short ten minutes of this call.

You have to understand it’s not always about you. Most of the time, it’s not at all about you. People are always, always projecting themselves onto their surroundings. So, never take anything personally.

Lesson 5

I wonder why I can’t be this patient with my mother or my husband or someone closer to me. I plan to absorb the lessons from this encounter so I can extend my patient behavior to them as well.

Please share your thoughts on similar lessons on patience that you have learned in life.

Nice to meet you, Camilla Carassini

ebony web guru upon Tumblr

aloha, outside just lately been experiencing the your site, It important utilizing a tone maintaining currently the red town along offered sprint. I was wondering need to educated themselves on any kind of forums of which message customized replies for injustices for many?

in addition, anon! thanks for the kind directions. I love.

there are so many exceptional web owners which cover racial the legal, or any time a guy questions me to produce world wide web tips, i usually abandon decent, class writers in error. and / or this is why, I ever before wedged cook correctly historically. outcome, genuinely don’t do enormous numbers of oppinion thoughts.

this time around, it is a great super narrow your search.

whenever you are black travelers curate their valuable tumblr webpages and with white-coloured in comparison with what

men or women, how much does it assert that’s about themselves? will be the a regarding internalized

forming cerebral collateral: black colored historic past Month

come along in a new or freshly procedure for honoring ebony record month! unleashing expert institute and its particular integrating college students, trainers, moreover presenters use created a 4 week knowledge to generate rational value. this series is for everyone, houses, school staff, Homeschools and those who take pleasure in finding out how.

come along of course!for yourself Esteem: wonderful Ode within the Quirkly dark-gray partner

just as denims brides we will be included with a box of either vixen, Mamie, queen or sometimes heart brother. within the, in our worldwide worldwide, What suggests as being a white lover is now less and less cement. based in clothing fashion toward music, black people become going beyond the box and after that deteriorating types with the stereotypes marvelous, Unique aptitude.

enter in the nice red young girl. mother the girl listening to limited dragon, seeing Proust since sporting sunflowers in their own hairstyles. She not as much related to biggest banking tastes nearly as she is by using making little whether it be by using an interpretive dance, A flaming stainless steel strap or a vintage frock.

The author including quirky schokohrrutige chick style and design might be not numerous the particular celebrated ballerina, Josephine Baker. a very outcast in their industry, Josephine danced thes tool by means of the uk, wearing down difficulties and moreover moving not in the norm together infamous blouse dance in patterns your ex created a legion of charcoal technique symbols to whom aren reluctant to as the charcoal female.

for every decade has already established its definitely peculiar image; the particular 80s excessive manoeuvres in supermodel/singer grace Jones towards the 90s soil child Lisa Bonet, whos begets in modern times personally own poster child just for cool schwarze child styling Zoe Kravitz. Whether a lot of these the ladies are having an avant garde custom or established 5 buck slacks they are snug in their own personal dermal. they stand out from the crowd, sharing associated with dark fabric older women are many dimensional.

this really talked opinion! thanks for the tips cocoa and then Creme blog website!one of the best prestigious trendy schokofarbene date is certainly Shingai Shoniwa!

10 dark colored woman’s stylish web owners you must know about

web page a huge 10 dunkelhrrutige ladies clothes writers you must know about in 2019. if you ever ever bored with Instagram and happen on the search for new data files to check out, the following of the stylish black and white design people + that inspires just about every.

New Development Law 4399/2016 for subsidizing private investments

The aid schemes for private investments under the New Development Law 4399/2016 were set up on the basis of the European Commission's General Block Exemption Regulation (GBER) 651/2014 (L 187/1, 26-6-2014).

Aid schemes

The aid schemes for which submission of applications began on 12 October 2016 are the following:

1. General Entrepreneurship

Covers all investment plans defined in the provisions of the law.

2. New independent SMEs

Covers businesses under establishment, or newly founded businesses that were set up within the seven years preceding the date on which the application for inclusion is submitted.

3. Aid for mechanical equipment

Covers all investment plans defined in the provisions of the law and subsidizes the purchase and installation of new machinery, or of used machinery no more than seven years old, the leasing of machinery, and the purchase of means of transport for use within the business.

4. Major investments

Covers all legal forms of business referred to in the common rules of law that are to implement investment plans above 20 million euros and create at least 2 jobs per 1 million euros of eligible investment cost. The aid provided consists of fixing the corporate income tax rate, as at the application for inclusion, for 12 years from completion of the investment plan. Alternatively, the tax exemption can be used, with an aid rate of 10% of the aided investment cost regardless of the size of the business and up to the amount of 5 million euros.

Beneficiaries

Beneficiaries are all the legal forms referred to in the provisions of the law: sole proprietorships, commercial companies (ΟΕ, ΕΕ, ΕΠΕ, ΑΕ), cooperatives, ΚΟΙΝ.Σ.ΕΠ. under Law 4019/2011 (Α’ 216), agricultural cooperatives, producer groups, Agricultural Corporate Partnerships (ΑΕΣ) under Law 4384/2016 (Α’ 78), companies under establishment or under merger, joint ventures registered in the ΓΕΜΗ, and public and municipal enterprises and their subsidiaries under the conditions set by the law.

Investment plans covered by the aid schemes

Investment plans from all sectors of the economy fall under the aid schemes of this law, subject to the reservations of the law.

Investment plans relating to the energy sector:

Small hydroelectric plants (up to 15 MW)
High-efficiency energy cogeneration units using RES
Hybrid RES plants on the Non-Interconnected Islands (up to 5 MW)
Production of heat and cooling from Renewable Energy Sources.
Energy-efficient district heating and district cooling systems.
Production of sustainable biofuels, as well as production at existing biofuel production units, under conditions.

In the tourism sector, the investment plans covered concern:

Establishment or expansion of hotel units of at least three (3) stars.
Comprehensive modernization of hotel units that belong to, or are upgraded to, a category of at least three (3) stars, once five years have passed since the start of operation or since the completion date of the previous investment.
Establishment, expansion or comprehensive modernization of organized tourist campsites (camping) that belong to, or are upgraded to, a category of at least 3 stars.
Establishment and comprehensive modernization of hotel units within buildings designated as traditional or listed, which belong to, or are upgraded to, a category of at least 2 stars.
Complex tourist accommodation as defined in Law 4276/2014 (Α’ 155), excluding the part that concerns buildings and facilities intended for transfer or long-term lease, provided that they are submitted as single investment plans within the framework of the provisions of the law.
Special tourism infrastructure facilities (conference centres, golf courses, tourist ports, ski centres, theme parks, thermal tourism facilities, sports tourism centres, mountain refuges) as defined in Law 4276/2014 (Α’ 155).
Agrotourism and wine tourism facilities when submitted by business clusters.
Establishment of youth hostels under the conditions stated in the law.

Other investment plans covered by the aid schemes are:

Processing and marketing of agricultural products
Fisheries and aquaculture
Agriculture

Subsidized expenses

In the General Entrepreneurship and New independent SMEs aid schemes, the subsidized expenses concern:

Expenses for tangible assets. These are the […], expansion and modernization of building facilities, technical works, machinery, technological installations and other equipment, purchases of fixed assets, etc.
Expenses for intangible assets: intangible fixed assets, patents, operating licences, intellectual property rights, quality assurance systems. At a rate of 50% for large enterprises and 75% for SMEs.
Wage cost of new jobs for 2 years from the creation of the job.
Expenses for studies and consulting services.
Start-up expenses.
Expenses for energy efficiency measures.
Expenses for high-efficiency cogeneration of energy from RES.
Expenses for energy production from RES.
Expenses for installing efficient district cooling and district heating systems.

For the Aid for Mechanical Equipment scheme, as mentioned above, expenses are subsidized for the purchase and installation of new machinery, or of used machinery no more than seven years old, the leasing of machinery, and the purchase of means of transport for use within the business.

In the Major Investments scheme, the aid provided consists of fixing the corporate income tax rate, as at the application for inclusion, for 12 years from completion of the investment plan. Alternatively, the tax exemption can be used, with an aid rate of 10% of the aided investment cost regardless of the size of the business and up to the amount of 5 million euros.

Types of aid

The subsidy provided by the schemes concerns the following types of aid:
Tax exemption on pre-tax profits, calculated as a percentage of the […] aid.
Leasing subsidy.
Subsidy of the cost of the employment created.
Cash grant for special categories of aid as defined in the provisions of the law.

Minimum size of investment plan

A minimum investment amount is set based on the size of the entity that is to implement the investment plan, as follows:

ENTITY SIZE: MINIMUM INVESTMENT AMOUNT

Large enterprises: 500,000 €
Medium-sized enterprises: 250,000 €
Small enterprises: 150,000 €
Very small enterprises: 100,000 €
ΚΟΙΝ.Σ.ΕΠ., cooperatives, etc.: 50,000 €

Subsidy rates

The subsidy is a percentage of the investment that ranges from 10% up to 45%, depending on the size of the business and the region in which it operates. In certain cases of special investment expenses (start-up expenses, consulting services, innovation expenses, etc.) the funding can reach up to 80% of the eligible expenses.
The breakdown by region and by entity size is as follows:

For the Region of Crete the subsidy rates are:

For Large enterprises 15%

For Medium-sized 25%

For Small and Very small 35%

Maximum aid amount

The maximum aid amount for each investment plan cannot exceed 5 million euros (5,000,000 €), subject to Article 67 of the law. For cooperating or affiliated enterprises it cannot cumulatively exceed 10 million euros (10,000,000 €) for a single enterprise and 20 million euros (20,000,000 €) for a group of enterprises.

Financing structure of the eligible investment plan

The Beneficiary contributes to the investment plan at least 25% of the total eligible investment cost, through own funds, a share capital increase, new cash contributions, or capitalization of reserves provided there is sufficient liquidity. The remaining investment cost, apart from the state subsidy, can be financed through bank borrowing.

Καταβολή ενισχύσεων

Η καταβολή της ενίσχυσης γίνεται είτε εφάπαξ με την έκδοση της απόφασης ολοκλήρωσης και έναρξης της παραγωγική ς λειτουργίας του επενδυτικού σχεδίου είτε σταδιακά και εφόσον συντρέχουν οι προϋποθέσεις που ορίζει ο νόμος. Συγκεκριμένα, για την φορολογική απαλλαγή θα πρέπει να έχει ελεγχθεί και να έχει πιστοποιηθεί η υλοποίηση του 50% του κόστους του επενδυτικού σχεδίου υπό την προϋπόθεση της κάλυψης του συνόλου της ιδιωτικής συμμετοχής του δικαιούχου. Κατά ανάλογο τρόπο και η επιχορήγηση καταβάλλεται με την υλοποίηση του 50% του κόστους του i o device error hard drive σχεδίου μετά από πιστοποίηση από το αρμόδιο όργανο ελέγχου. Η επιδότηση χρηματοδοτικής μίσθωσης καταβάλλεται μετά από την πιστοποίηση του αρμόδιου οργάνου ελέγχου για εγκατάσταση στη μονάδα του μισθωμένου εξοπλισμού σύμφωνα με την σύμβαση χρηματοδοτικής μίσθωσης. Η επιδότηση του μισθολογικού κόστους καταβάλλεται μετά από την πιστοποίηση του αρμόδιου οργάνου ελέγχου για την δημιουργία της νέας θέσης εργασίας που συνδέεται με το επενδυτικό σχέδιο.

Χρονικό διάστημα υλοποίησης του επενδυτικού σχεδίου

Η υλοποίηση του επενδυτικού σχεδίου θα πρέπει να έχει ολοκληρωθεί εντός 3 ετών από την ημερομηνία δημοσίευσης της απόφασης υπαγωγής. Ο φορέας υλοποίησης μετά την ολοκλήρωση του επενδυτικού σχεδίου και την πιστοποίηση της έναρξης της παραγωγικής δραστηριότητας θα πρέπει να διατηρεί τις μακροχρόνιες υποχρεώσεις του για διάστημα 3 ετών από την ημερομηνία ολοκλήρωσης, για τις μικρές επιχειρήσεις, 5 ετών για τις 51100 error code nintendo ds και 7 ετών για τις μεγάλες.

Διαδικασία αξιολόγησης και ελέγχου

Στα δύο πρώτα καθεστώτα ενίσχυσης, Γενική επιχειρηματικότητα και Νέες ανεξάρτητες ΜΜΕ, τα επενδυτικά σχέδια αξιολογούνται με την μέθοδο της συγκριτικής αξιολόγησης και διενεργείται επιτόπιος έλεγχος. Στην ενίσχυση μηχανολογικού εξοπλισμού αξιολογούνται με την μέθοδο της άμεση αξιολόγησης και διενεργείται διοικητικός έλεγχος ενώ για το 20% των εγκεκριμένων επενδυτικών σχεδίων πραγματοποιούνται και επιτόπιοι έλεγχοι σε τυχαίο δείγμα. Στο καθεστώς των επενδύσεων μείζονος μεγέθους η αξιολόγηση γίνεται από την Γενική Γραμματεία Στρατηγικών και ιδιωτικών επενδύσεων με την μέθοδο της άμεσης αξιολόγησης. Στα επενδυτικά σχέδια διενεργείται και επιτόπιος έλεγχος μετά την ολοκλήρωσης και την έναρξη της παραγωγικής λειτουργίας της επένδυσης.

Application submission period per aid scheme

General Entrepreneurship and New Independent SMEs: From 12 October 2016 to 30 November 2016.

Mechanical Equipment Aid and Major Investments: From 12 October 2016 to 27 April 2017.

The team of Κοινωνικό Επιχειρείν Κρήτης provides full advisory and technical support for the design of your investment plan and responsibly undertakes all preparation for submitting your application to the aid schemes of the New Development Law.

For more information, interested parties can contact us via the contact form, by telephone at 2810334877 or 6976463051, or by e-mail at our address [email protected] or [email protected].

Tags: NEW DEVELOPMENT LAW

Name: Description
CVE-2022-36922: Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2022-36902: Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34198: Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34196: Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34194: Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34192: Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34189: Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34188: Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34187: Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34186: Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34185: Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34183: Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34178: Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2022-29540: resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints.
CVE-2022-27258: Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter.
CVE-2022-27212: Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-27202: Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-25395: Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app.
CVE-2022-25191: Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-25189: Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2021-44608: Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.
CVE-2021-42078: PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.
CVE-2021-40260: Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php.
CVE-2021-39599: Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
CVE-2021-39420: Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.
CVE-2021-39413: Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php.
CVE-2021-39412: Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php.
CVE-2021-39411: Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.
CVE-2021-39390: Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.
CVE-2021-36845: Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered while admin visits this page/tab. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin.
CVE-2021-30133: A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10.
CVE-2021-28901: Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI, (2) ADRESSE, (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite.
CVE-2021-21699: Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21667: Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVE-2021-21635: Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21630: Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21628: Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21622: Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21618: Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2021-21616: Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2020-9758: An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.
CVE-2020-9439: Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allows authenticated remote attackers to inject arbitrary web script or HTML via the search_key GET Parameter in TinCan_Content_List_Table.php, message GET Parameter in licensing.php, tc_filter_group parameter in reporting-admin-menu.php, tc_filter_user parameter in reporting-admin-menu.php, tc_filter_course parameter in reporting-admin-menu.php, tc_filter_lesson parameter in reporting-admin-menu.php, tc_filter_module parameter in reporting-admin-menu.php, tc_filter_action parameter in reporting-admin-menu.php, tc_filter_data_range parameter in reporting-admin-menu.php, or tc_filter_data_range_last parameter in reporting-admin-menu.php.
CVE-2020-7994: Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page.
CVE-2020-5193: PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.
CVE-2020-35650: Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST Parameter in user-code-redemption.php, the ulgm_user_first POST Parameter in user-registration-form.php, the ulgm_user_last POST Parameter in user-registration-form.php, the ulgm_user_email POST Parameter in user-registration-form.php, the ulgm_code_registration POST Parameter in user-registration-form.php, the ulgm_terms_conditions POST Parameter in user-registration-form.php, the _ulgm_total_seats POST Parameter in frontend-uo_groups_buy_courses.php, the uncanny_group_signup_user_first POST Parameter in group-registration-form.php, the uncanny_group_signup_user_last POST Parameter in group-registration-form.php, the uncanny_group_signup_user_login POST Parameter in group-registration-form.php, the uncanny_group_signup_user_email POST Parameter in group-registration-form.php, the success-invited GET Parameter in frontend-uo_groups.php, the bulk-errors GET Parameter in frontend-uo_groups.php, or the message GET Parameter in frontend-uo_groups.php.
CVE-2020-28092: PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id=
CVE-2020-27659: Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
CVE-2020-27262: Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (XSS) vulnerability exists in the affected products that allow an attacker to inject arbitrary web script or HTML via the filename parameter to multiple update endpoints of the administrative web interface.
CVE-2020-23814: Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2) AddressList parameter in JobGroupController.java file.
CVE-2020-2257: Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2020-2238: Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2020-22158: MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code.
CVE-2020-2207: Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2020-2206: Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2020-2169: A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
CVE-2020-14959: Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter.
CVE-2020-14024: Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application.
CVE-2020-13828: Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
CVE-2020-11704: An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter.
CVE-2020-11702: An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter. Share is Reflected via the target parameter. Share is Stored via the displayname parameter. Waitedit is Reflected via the Host header.
CVE-2020-10668: The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
CVE-2020-10667: The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.
CVE-2019-8349: Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature.
CVE-2019-7417: XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter.
CVE-2019-7409: Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign CMS v6.0.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page, (2) gbs, (3) side, (4) id, (5) imgid, (6) cat, or (7) orderby parameter.
CVE-2019-19615: Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.
CVE-2019-19390: The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.
CVE-2019-18205: Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter.
CVE-2019-17120: A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited.
CVE-2019-17116: A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited.
CVE-2019-17115: Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via: (1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash (2) S parameter to: - /wikid/DomainData - /wikid/PreRegisterLookup - /wikid/PreRegister - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES (3) a parameter to: - /wikid/PreRegisterLookup - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES.
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used.
CVE-2019-13965: Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0) The Reflective XSS can also become a stored XSS within the same account because of another vulnerability.
CVE-2019-11398: Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.
CVE-2019-11017: On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
CVE-2019-10677: Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg).
CVE-2018-7703: Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.
CVE-2018-5307: Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/./index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.
CVE-2018-5306: Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/./index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.
CVE-2018-19822: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
CVE-2018-19821: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19820: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19819: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19818: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19817: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
CVE-2018-19816: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19815: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19814: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
CVE-2018-19813: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
CVE-2018-19812: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via the GroupId parameter.
CVE-2018-19811: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19810: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter.
CVE-2018-19809: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter.
CVE-2018-19782: Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.
CVE-2018-19771: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPool.jsp" has reflected XSS via the PropName parameter.
CVE-2018-19770: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Users.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19769: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "UserProperties.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19766: Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "GroupRessourceAdmin.jsp" has reflected XSS via the ConnPoolName parameter.
CVE-2018-19649: XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter.
CVE-2018-19414: Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php.
CVE-2018-17443: An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
CVE-2018-17441: An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
CVE-2018-16371: PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=.
CVE-2018-14929: Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.
CVE-2018-12998: A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
CVE-2018-10571: Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php.
CVE-2017-9838: Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters).
CVE-2017-9813: In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
CVE-2017-9767: Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.
CVE-2017-9441: ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files."
CVE-2017-9313: Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
CVE-2017-9085: Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp.
CVE-2017-9037: Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, or (14) tmLastConfigFileModifiedDate parameter to notification.cgi.
CVE-2017-9032: Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi.
CVE-2017-7998: Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp.
CVE-2017-7242: Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php.
CVE-2017-5870: Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.
CVE-2017-5616: Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.
CVE-2017-17753: Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php.
CVE-2017-17745: Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.
CVE-2017-15892: Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.
CVE-2017-15867: Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php.
CVE-2017-14622: Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.
CVE-2017-14239: Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.
CVE-2017-14142: Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php.
CVE-2017-12792: Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.
CVE-2017-12788: Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allow remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.
CVE-2017-11685: Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
CVE-2017-11355: Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
CVE-2016-6523: Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.
CVE-2016-5760: Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
CVE-2016-5663: Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.
CVE-2016-5060: Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.
CVE-2016-4948: Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect.
CVE-2016-4316: Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp.
CVE-2016-3968: Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.
CVE-2016-3079: Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
CVE-2016-2561: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.
CVE-2016-2560: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.
CVE-2016-2387: Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571.
CVE-2016-2104: Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
CVE-2016-2103: Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.
CVE-2016-1915: Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.
CVE-2016-1914: Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.
CVE-2016-1912: Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.
CVE-2016-1899: CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.
CVE-2016-1596: Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.
CVE-2016-1595: LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
CVE-2016-1306: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.
CVE-2016-10201: Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
CVE-2016-1000307: Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673.
CVE-2016-0769: Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.
CVE-2016-0765: Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.
CVE-2016-0711: Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.
CVE-2015-8815: Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
CVE-2015-8687: Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.
CVE-2015-8606: Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.
CVE-2015-8376: Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to blueprints/sections/edit/1.
CVE-2015-8350: Multiple cross-site scripting (XSS) vulnerabilities in the to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/.
CVE-2015-7822: Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI.
CVE-2015-7706: Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to api/v3/public/shares/downloads/, the (2) authType parameter to api/v3/auth/login, or the (3) login parameter to api/v3/auth/reset_password.
CVE-2015-7667: Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2015-7666: Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.
CVE-2015-7518: Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.
CVE-2015-7391: Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php.
CVE-2015-7383: Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter to install.php or the (5) adminUserName parameter to update.php.
CVE-2015-7373: Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.
CVE-2015-7370: Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter.
CVE-2015-7360: Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature."
CVE-2015-6972: Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp.
CVE-2015-6966: Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php.
CVE-2015-6929: Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to cftraces/filter/fl_copy.jsp; the (3) flName parameter to cftraces/filter/fl_crea1.jsp; the (4) serchStatus, (5) refreshTime, or (6) serchNode parameter to cftraces/process/pr_show_process.jsp; the (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, or (11) serchSessionkind parameter to cftraces/session/se_crea.jsp; the (12) serchSessionDescription parameter to cftraces/session/se_show.jsp; the (13) serchApplication or (14) serchApplicationkind parameter to cftraces/session/tr_crea_filter.jsp; the (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, or (26) component parameter to cftraces/session/tr_create_tagg_para.jsp; or the (27) userid parameter to home/certificate_association.jsp.
CVE-2015-6913: Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi.
CVE-2015-6809: Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
CVE-2015-6732: Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field in a, or a (3) Field name in a template.
CVE-2015-6731: Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:CreateForm or (5) target or (6) alt_form parameter to Special:FormEdit.
CVE-2015-6529: Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
CVE-2015-6528: Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
CVE-2015-6518: Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php.
CVE-2015-6510: Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1), (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to interfaces_ppps_edit.php; the (13) member[] parameter to interfaces_qinq_edit.php; the (14) port or (15) retry parameter to load_balancer_pool_edit.php; the (16) pkgrepourl parameter to pkg_mgr_settings.php; the (17) zone parameter to services_captiveportal.php; the port parameter to (18) services_dnsmasq.php or (19) services_unbound.php; the (20) cache_max_ttl or (21) cache_min_ttl parameter to services_unbound_advanced.php; the (22) sshport parameter to system_advanced_admin.php; the (23) id, (24) tunable, (25) descr, or (26) value parameter to system_advanced_sysctl.php; the (27) firmwareurl, (28) repositoryurl, or (29) branch parameter to system_firmware_settings.php; the (30) pfsyncpeerip, (31) synchronizetoip, (32) username, or (33) passwordfld parameter to system_hasync.php; the (34) maxmss parameter to vpn_ipsec_settings.php; the (35) ntp_server1, (36) ntp_server2, (37) wins_server1, or (38) wins_server2 parameter to vpn_openvpn_csc.php; or unspecified parameters to (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php, or (42) load_balancer_relay_protocol_edit.php.
CVE-2015-6509: Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) […], or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername, or (19) smtppassword parameter to system_advanced_notifications.php.
CVE-2015-6238: Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin […] 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.
CVE-2015-6017: Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.
CVE-2015-6010: Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php.
CVE-2015-5534: Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
CVE-2015-5532: Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.
CVE-2015-5529: Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.
CVE-2015-5483: Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php.
CVE-2015-5355: Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.
CVE-2015-5150: Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.
CVE-2015-5076: Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg, (5) bgc, or (6) font parameter in protected/views/site/listener.php; the (7) Services[*] parameter in protected/components/views/webForm.php; the (8) file parameter in protected/components/TranslationManager.php; the (9) x2_key parameter in protected/tests/webscripts/x2WebTrackingTestPages/customWebLeadCaptureScriptTest.php; the (10) id parameter in protected/modules/contacts/controllers/ContactsController.php; or the (11) lastEventId parameter to index.php/profile/getEvents.
CVE-2015-5066: Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.
CVE-2015-5064: Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php.
CVE-2015-5063: Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
CVE-2015-4679: Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm.
CVE-2015-4673: Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php.
CVE-2015-4656: Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/.
CVE-2015-4631: Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.
CVE-2015-4630: Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl.
CVE-2015-4427: Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.
CVE-2015-4420: Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Test service check page.
CVE-2015-4272: Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.
CVE-2015-3904: Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) end_day, (6) end_month, (7) end_year, (8) lang, (9) adults, or (10) children parameter.
CVE-2015-3883: Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task name on index.php/tasks; (5) ticket name on index.php/tickets; (6) discussion name on index.php/discussions; (7) report name on index.php/projectReports; or (8) event name on index.php/scheduler/personal.
CVE-2015-3647: Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.
CVE-2015-3447: Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter.
CVE-2015-3300: Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.
CVE-2015-3141: Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.
CVE-2015-2973: Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php.
CVE-2015-2796: Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php.
CVE-2015-2755: Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.
CVE-2015-2703: Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/client-cert-import_wsoem.html in the Content Gateway, which is not properly handled in an error message.
CVE-2015-2690: Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php.
CVE-2015-2681: Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) […], (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.
CVE-2015-2678: Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.
CVE-2015-2351: Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter to system/workplace/views/admin/admin-main.jsp, (4) mode parameter to system/workplace/views/explorer/explorer_files.jsp, or (5) query parameter in a search action to system/modules/org.opencms.workplace.help/elements/search.jsp.
CVE-2015-2347: Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/.
CVE-2015-2295: Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
CVE-2015-2294: Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php.
CVE-2015-2250: Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3) accessType parameter to index.php/tools/required/permissions/access_entity, (4) msCountry parameter to index.php/dashboard/system/multilingual/setup/load_icon, arHandle parameter to (5) design/submit or (6) design in index.php/ccm/system/dialogs/area/design/submit, (7) pageURL to index.php/dashboard/pages/single, (8) SEARCH_INDEX_AREA_METHOD parameter to index.php/dashboard/system/seo/searchindex/updated, (9) unit parameter to index.php/dashboard/system/optimization/jobs/job_scheduled, (10) register_notification_email parameter to index.php/dashboard/system/registration/open/1, or (11) PATH_INFO to index.php/dashboard/extend/connect/.
CVE-2015-2244: Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php.
CVE-2015-2223: Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request.
CVE-2015-2220: Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.
CVE-2015-2218: Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
CVE-2015-2217: Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php.
CVE-2015-2207: Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter.
CVE-2015-2198: Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.
CVE-2015-2195: Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php.
CVE-2015-2182: Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322.
CVE-2015-2165: Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17) fromTime, (18) toTime, (19) sortDirection, (20) kword, (21) uname, (22) pname, (23) sname, (24) file, (25) atype, or (26) atitle parameter to (c) top-useragent-devices.jsp or (d) top-interest-areas.jsp; (27) fromDate, (28) toDate, (29) fromTime, (30) toTime, (31) sortDirection, (32) kword, (33) uname, (34) pname, (35) sname, (36) file, (37) atype, or (38) atitle parameter to top-message-services.jsp; (39) portal, (40) fromDate, (41) toDate, (42) fromTime, (43) […], (44) orderBy, (45) sortDirection, (46) kword, (47) uname, (48) pname, (49) sname, (50) file, (51) atype, or (52) atitle parameter to (e) user-statistics.jsp, (f) top-web-pages.jsp, (g) top-devices.jsp, (h) top-pages.jsp, (i) session-summary.jsp, (j) top-providers.jsp, (k) top-modules.jsp, or (l) top-services.jsp; (53) fromDate, (54) toDate, (55) fromTime, (56) toTime, (57) orderBy, (58) sortDirection, (59) uid, (60) uid2, (61) kword, (62) uname, (63) pname, (64) sname, (65) file, (66) atype, or (67) atitle parameter to message-shortcode-summary.jsp; (68) fromDate, (69) toDate, (70) fromTime, (71) toTime, (72) orderBy, (73) sortDirection, (74) uid, (75) kword, (76) uname, (77) pname, (78) sname, (79) file, (80) atype, or (81) atitle parameter to (m) message-providers-summary.jsp or (n) message-services-summary.jsp; (82) kword, (83) uname, (84) pname, (85) sname, (86) file, (87) atype, or (88) atitle parameter to license-summary.jsp; (89) portal, (90) fromDate, (91) toDate, (92) fromTime, (93) toTime, (94) orderBy, (95) sortDirection, (96) uid, (97) uid2, (98) kword, (99) uname, (100) pname, (101) sname, (102) file, (103) atype, or (104) atitle parameter to useragent-device-summary.jsp; (105) fromDate, (106) toDate, (107) fromTime, (108) toTime, (109) orderBy, (110) sortDirection, (111) kword, (112) uname, (113) pname, (114) sname, (115) file, (116) atype, or (117) atitle parameter to (o) top-message-providers.jsp, (p) top-message-devices.jsp, (q) top-message-assets.jsp, (r) top-message-downloads.jsp, or (s) top-message-shortcode.jsp; (118) fromDate, (119) toDate, (120) fromTime, (121) toTime, (122) kword, (123) uname, (124) pname, (125) sname, (126) file, (127) atype, or (128) atitle parameter to request-summary.jsp; (129) portal parameter to link-summary-select.jsp, (130) provider-summary-select.jsp, or (131) module-summary-select.jsp; (132) portal, (133) uid, (134) kword, (135) uname, (136) pname, (137) sname, (138) file, (139) atype, or (140) atitle parameter to link-summary.jsp; (141) portal, (142) fromDate, (143) toDate, (144) fromTime, (145) toTime, (146) orderBy, (147) sortDirection, (148) uid, (149) kword, (150) uname, (151) pname, (152) sname, (153) file, (154) atype, or (155) atitle parameter to (t) provider-summary.jsp or (u) module-summary.jsp in reports/pages/.
CVE-2015-2144: Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php.
CVE-2015-2089: Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php.
CVE-2015-2068: Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.
CVE-2015-2064: Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field (searchTerm parameter) in the main page.
CVE-2015-2043: Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem.
CVE-2015-2039: Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobot_token parameter in the acobot page to wp-admin/options-general.php.
CVE-2015-1614: Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher[caption] parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page.
CVE-2015-1603: Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php.
CVE-2015-1582: Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or HTML via the (2) asc_or_desc, (3) order_by, (4) page_number, (5) serch_or_not, or (6) search_events_by_title parameter in (a) the Spider_Facebook_manage page to wp-admin/admin.php or a (b) selectpagesforfacebook or (c) selectpostsforfacebook action to wp-admin/admin-ajax.php.
CVE-2015-1581: Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5) fontcolor, (6) color, or (7) padding parameter in an add-domain action in the mobile-domain page to wp-admin/options-general.php.
CVE-2015-1580: Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php.
CVE-2015-1575: Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php.
CVE-2015-1562: Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or (3) filter parameter to error_log.php.
CVE-2015-1475: Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php.
CVE-2015-1437: Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.
CVE-2015-1435: Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php.
CVE-2015-1422: Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php.
CVE-2015-1373: Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action.
CVE-2015-1368 Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/.
CVE-2015-1366 Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
CVE-2015-1179 Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.
CVE-2015-1178 Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter.
CVE-2015-1058 Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new.
CVE-2015-1028 Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
CVE-2015-1026 Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles.
CVE-2015-0882 Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.
CVE-2015-0866 Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.
CVE-2015-0737 Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.
CVE-2015-0526 Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.
CVE-2015-0522 Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.
CVE-2015-0521 Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
CVE-2014-9916 Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php.
CVE-2014-9711 Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.
CVE-2014-9606 Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.
CVE-2014-9570 Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php.
CVE-2014-9569 Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.
CVE-2014-9528 SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.
CVE-2014-9526 Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.
CVE-2014-9525 Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php.
CVE-2014-9524 Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php.
CVE-2014-9523 Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php.
CVE-2014-9477 Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.
CVE-2014-9468 Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to (1) Join.aspx or (2) Logon.aspx.
CVE-2014-9460 Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php.
CVE-2014-9454 Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php.
CVE-2014-9446 Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.
CVE-2014-9441 Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php.
CVE-2014-9437 Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php.
CVE-2014-9435 Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php.
CVE-2014-9434 Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter.
CVE-2014-9433 Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow attackers to inject arbitrary web script or HTML via the (1) idart or (3) idcat parameter.
CVE-2014-9429 Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an action to httpd/cgi-bin/ddns.cgi.
CVE-2014-9413 Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ip_list, (2) user_agent_list, or (3) redirect_url parameter in the simple-ip-ban page to wp-admin/options-general.php.
CVE-2014-9412 Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.
CVE-2014-9400 Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) gt_default_header or (2) gt_homepage_header parameter in the wp-unique-header.php page to wp-admin/options-general.php.
CVE-2014-9396 Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php.
CVE-2014-9395 Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php.
CVE-2014-9394 Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php.
CVE-2014-9393 Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php.
CVE-2014-9391 Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) rss, (2) display_time or (3) transistion_time parameter in the gslideshow.php page to wp-admin/options-general.php.
CVE-2014-9349 Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php.
CVE-2014-9341 Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurl_login or (2) yurl_anchor parameter in the yurl page to wp-admin/options-general.php.
CVE-2014-9340 Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php.
CVE-2014-9339 Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the spnbabble.php page to wp-admin/options-general.php.
CVE-2014-9338 Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) o2t_username or (2) o2t_tags parameter to wp-admin/options-general.php.
CVE-2014-9337 Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) twitter_kullanici or (2) twitter_sifre parameter in an action in the mikiurl.php page to wp-admin/options-general.php.
CVE-2014-9336 Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php.
CVE-2014-9335 Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) email_address or (2) sidebarTitle parameter in the dandyid-services.php page to wp-admin/options-general.php.
CVE-2014-9334 Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user or (2) password parameter in the bird-feeder page to wp-admin/options-general.php.
CVE-2014-9243 Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/.
CVE-2014-9241 Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an action or (4) file parameter in the config-languages module in an edit action to admin/index.php.
CVE-2014-9236 Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.
CVE-2014-9212 Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section.
CVE-2014-9146 Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.
CVE-2014-9103 Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Disposition header to the (2) file or (3) profile image upload functionality.
CVE-2014-9101 Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames.
CVE-2014-9098 Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php.
CVE-2014-9094 Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
CVE-2014-9021 Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases.
CVE-2014-9020 Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.
CVE-2014-9019 Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.
CVE-2014-8996 Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php.
CVE-2014-8954 Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php.
CVE-2014-8869 Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter.
CVE-2014-8809 Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php.
CVE-2014-8793 Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
CVE-2014-8752 Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter.
CVE-2014-8751 Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) name, (3) address, or (4) comment parameter to forms.php.
CVE-2014-8690 Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser.
CVE-2014-8674 Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
CVE-2014-8593 Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php.
CVE-2014-8577 Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page.
CVE-2014-8505 Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php.
CVE-2014-8492 Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.
CVE-2014-8381 Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter.
CVE-2014-8365 Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable.
CVE-2014-8307 Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php.
CVE-2014-8306 SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
CVE-2014-8071 Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page.
CVE-2014-7987 Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
CVE-2014-7958 Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
CVE-2014-7957 Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable "roles and capabilities" in a toggle action in the pods-components page to wp-admin/admin.php.
CVE-2014-7291 Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter.
CVE-2014-7290 Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll.
CVE-2014-7200 Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/.
CVE-2014-7183 Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
CVE-2014-7182 Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.
CVE-2014-7151 Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.
CVE-2014-7139 Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php.
CVE-2014-6619 Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter.
CVE-2014-6445 Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.
CVE-2014-6444 Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php.
CVE-2014-6315: Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.
CVE-2014-6280: Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php.
CVE-2014-5437: Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php.
CVE-2014-5347: Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php.
CVE-2014-5345: Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
CVE-2014-5276: Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.
CVE-2014-5257: Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php.
CVE-2014-5216: Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.
CVE-2014-5178: Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1) creating a topic or (2) posting an answer. NOTE: some of these details are obtained from third party information.
CVE-2014-5113: Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter.
CVE-2014-5105: Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in an action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php.
CVE-2014-5101: Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php.
CVE-2014-5100: Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
CVE-2014-5016: Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality.
CVE-2014-4965: Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availability, or (4) status parameter to central/catalog/productlist.action; or unspecified vectors in (5) WebContent/orders/orderlist.jsp.
CVE-2014-4930: Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072.
CVE-2014-4849: Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter.
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.
CVE-2014-4743: Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2014-4718: Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.
CVE-2014-4717: Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php.
CVE-2014-4687: Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to services_status.widget.php, (4) the txtRecallBuffer parameter to exec.php, or (5) the HTTP Referer header to log.widget.php.
CVE-2014-4603: Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter.
CVE-2014-4602: Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel plugin 0.12.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) ajaxpath parameter.
CVE-2014-4600: Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter.
CVE-2014-4599: Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter.
CVE-2014-4596: Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter.
CVE-2014-4595: Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php.
CVE-2014-4587: Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.
CVE-2014-4586: Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an "action" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php.
CVE-2014-4583: Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) order_direction, (3) limit_start, (4) id, or (5) order parameter.
CVE-2014-4573: Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) o parameter.
CVE-2014-4571: Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.
CVE-2014-4570: Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/.
CVE-2014-4565: Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter.
CVE-2014-4559: Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter.
CVE-2014-4549: Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter.
CVE-2014-4547: Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter.
CVE-2014-4545: Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter.
CVE-2014-4543: Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter.
CVE-2014-4536

Nice to meet you, Camilla Carassini

ebony web guru upon Tumblr

aloha, outside just lately been experiencing the your site, It important utilizing a tone maintaining currently the red town along offered sprint. I was wondering need to educated themselves on any kind of forums of which message customized replies for injustices for many?

in addition, thanks for the kind directions. I love.

there are so many exceptional web owners which cover racial the legal, or any time a guy questions me to produce world wide web tips, i usually abandon decent, class writers in error. and / or this is why, I ever before wedged cook correctly historically. outcome, genuinely don’t do enormous numbers of oppinion thoughts.

this time around, it is a great super narrow your search.

whenever you are black travelers curate their valuable tumblr webpages and with white-coloured in comparison with what

men or women, how much does it assert that’s about themselves? will be the a regarding internalized

forming cerebral collateral: black colored historic past Month

come along in a new or freshly procedure for honoring ebony record month! unleashing expert institute and its particular integrating college students, trainers, moreover presenters use created a 4 week knowledge to generate rational value. this series is for everyone, houses, school staff, Homeschools and those who take pleasure in finding out how.

come along of course!for yourself Esteem: wonderful Ode within the Quirkly dark-gray partner

just as denims brides we will be included with a box of either vixen, Mamie, queen or sometimes heart brother. within the, in our worldwide worldwide, What suggests as being a white lover is now less and less cement. based in clothing fashion toward music, black people become going beyond the box and after that deteriorating types with the stereotypes marvelous, Unique aptitude.

enter in the nice red young girl. mother the girl listening to limited dragon, seeing Proust since sporting sunflowers in their own hairstyles. She not as much related to biggest banking tastes nearly as she is by using making little whether it be by using an interpretive dance, A flaming stainless steel strap or a vintage frock.

The 500 internal server error vamshop including quirky schokohrrutige chick style and design might be not numerous the particular celebrated ballerina, Josephine Baker. a very outcast in their industry, Josephine danced thes tool by hp p2015 fatal error of the uk, wearing down difficulties and moreover moving not in the norm together infamous blouse dance in patterns your ex created a legion of charcoal technique symbols to whom aren reluctant to as the charcoal female.

for every decade has already its definitely peculiar image; the particular 80s excessive manoeuvres in supermodel/singer grace Jones towards the 90s soil child Lisa Bonet, whos begets in modern times personally own poster child just for cool schwarze child styling Zoe Kravitz. Whether a lot of these the ladies are having an avant garde custom or established 5 buck slacks they are snug in their own personal dermal. they stand out from the crowd, sharing associated with dark fabric older women are many dimensional.

this really talked opinion! thanks for the tips cocoa and then Creme blog website!one of the best prestigious trendy schokofarbene date is certainly Shingai Shoniwa!

10 dark colored woman’s stylish web owners you must know about

web page a huge 10 dunkelhrrutige ladies clothes writers you must know about in 2019. if you ever ever bored with Instagram and happen on the search for new data files to check out, the following of the stylish black and white design people + that inspires just about every.
