Search Results (47104 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1000117 1 Huge-it 1 Slideshow 2025-04-12 N/A
XSS & SQLi in HugeIT slideshow v1.0.4
CVE-2016-1000007 1 Redhat 1 Pagure 2025-04-12 6.1 Medium
Pagure 2.2.1 XSS in raw file endpoint
CVE-2016-1000131 1 E-search Project 1 Esearch 2025-04-12 N/A
Reflected XSS in wordpress plugin e-search v1.0
CVE-2016-1000136 1 Heat-trackr Project 1 Heat-trackr 2025-04-12 N/A
Reflected XSS in wordpress plugin heat-trackr v1.0
CVE-2016-1000139 1 Infusionsoft Project 1 Infusionsoft 2025-04-12 N/A
Reflected XSS in wordpress plugin infusionsoft v1.5.11
CVE-2016-1000140 1 New-year-firework Project 1 New-year-firework 2025-04-12 N/A
Reflected XSS in wordpress plugin new-year-firework v1.1.9
CVE-2016-1000141 1 Page-layout-builder Project 1 Page-layout-builder 2025-04-12 N/A
Reflected XSS in wordpress plugin page-layout-builder v1.9.3
CVE-2016-1000142 1 Parsi-font Project 1 Parsi-font 2025-04-12 N/A
Reflected XSS in wordpress plugin parsi-font v4.2.5
CVE-2016-1000143 1 Photoxhibit Project 1 Photoxhibit 2025-04-12 N/A
Reflected XSS in wordpress plugin photoxhibit v2.1.8
CVE-2016-1000144 1 Photoxhibit Project 1 Photoxhibit 2025-04-12 N/A
Reflected XSS in wordpress plugin photoxhibit v2.1.8
CVE-2014-7852 1 Redhat 1 Jboss Enterprise Portal Platform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.
CVE-2014-7835 1 Moodle 1 Moodle 2025-04-12 N/A
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area.
CVE-2015-2064 1 Dlguard 1 Dlguard 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field (searchTerm parameter) in the main page.
CVE-2015-4357 1 Webform Project 1 Webform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block.
CVE-2015-4347 1 Inlinks Project 1 Inlinks 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments.
CVE-2015-4346 1 Sms Framework Project 1 Sms Framework 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews.
CVE-2016-1318 1 Cisco 1 Application Policy Infrastructure Controller Enterprise Module 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.
CVE-2015-4063 1 Newstatpress Project 1 Newstatpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
CVE-2016-1314 1 Sun 1 Opensolaris 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760.
CVE-2016-0399 1 Ibm 1 Maximo Asset Management 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.