Export limit exceeded: 362832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47055 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1998 | 1 N-i-agroinformatics | 1 Soy Cms | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-7342 | 1 Flowplayer | 1 Flowplayer Html5 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341. | ||||
| CVE-2015-5670 | 1 Techno Project Japan | 1 Enisys Gw | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5667 | 1 Html-scrubber Project | 1 Html-scrubber | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment. | ||||
| CVE-2014-3187 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-04-12 | N/A |
| Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. | ||||
| CVE-2015-5651 | 1 Dotclear | 1 Dotclear | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-9475 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message. | ||||
| CVE-2015-5399 | 1 Phpvibe | 1 Phpvibe | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. | ||||
| CVE-2014-2006 | 1 Intercom | 1 Web Kyukincho | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5622 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php. | ||||
| CVE-2014-9499 | 1 Godwin\'s Law Project | 1 Godwin\'s Law | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message. | ||||
| CVE-2015-3392 | 1 Ajax Timeline Project | 1 Ajax Timeline | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | ||||
| CVE-2016-1000154 | 1 Browserweb | 1 Whizz | 2025-04-12 | N/A |
| Reflected XSS in wordpress plugin whizz v1.0.7 | ||||
| CVE-2014-2024 | 1 Openclassifieds | 1 Open Classifieds 2 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/. | ||||
| CVE-2015-5612 | 1 Octobercms | 1 October | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image. | ||||
| CVE-2012-4901 | 1 Template Cms Project | 1 Template Cms | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. | ||||
| CVE-2015-3384 | 1 Commerce Balanced Payments Project | 1 Commerce Balanced Payments | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-10006 | 1 Antisamy Project | 1 Antisamy | 2025-04-12 | 6.1 Medium |
| In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS. | ||||
| CVE-2012-6684 | 2 Debian, Redcloth | 2 Debian Linux, Redcloth Library | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. | ||||
| CVE-2014-3363 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. | ||||