Export limit exceeded: 357222 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46597 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000239 | 1 Invoiceplane | 1 Invoiceplane | 2025-04-20 | N/A |
| InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site. | ||||
| CVE-2017-1000240 | 1 Open-emr | 1 Openemr | 2025-04-20 | N/A |
| The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. | ||||
| CVE-2015-2144 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php. | ||||
| CVE-2017-16230 | 1 Typecho | 1 Typecho | 2025-04-20 | N/A |
| In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit. | ||||
| CVE-2017-1632 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | N/A |
| IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. | ||||
| CVE-2016-4318 | 1 Atlassian | 1 Jira | 2025-04-20 | N/A |
| Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | ||||
| CVE-2016-4317 | 1 Atlassian | 1 Confluence | 2025-04-20 | N/A |
| Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | ||||
| CVE-2016-4327 | 1 Wso2 | 1 Enablement Server For Java | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2016-6201 | 1 Ektron | 1 Ektron Content Management System | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx. | ||||
| CVE-2015-2145 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2015-2148 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2016-6127 | 1 Bestpractical | 1 Request Tracker | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type. | ||||
| CVE-2016-6133 | 1 Ektron | 1 Ektron Content Management System | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx. | ||||
| CVE-2016-6125 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2016-6123 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2017-17948 | 1 Cells | 1 Blog | 2025-04-20 | N/A |
| Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | ||||
| CVE-2017-17868 | 1 Liferay | 1 Liferay Portal | 2025-04-20 | N/A |
| In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | ||||
| CVE-2017-1001001 | 1 Pluxml | 1 Pluxml | 2025-04-20 | N/A |
| PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. | ||||
| CVE-2017-12239 | 1 Cisco | 1 Ios Xe | 2025-04-20 | 6.8 Medium |
| A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132. | ||||
| CVE-2017-1002011 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database. | ||||