Export limit exceeded: 363085 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47116 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3364 1 Levelteninteractive 1 Content Analysis 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message.
CVE-2014-2640 1 Hp 1 System Management Homepage 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2270 2 Airvana, Sprint 3 Hubbub C1-600-rt, Airave, Airave Software 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6240 1 Google Sitemap Project 1 Google Sitemap 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6238 1 Akronymmanager Project 1 Akronymmanager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7232 1 Structured Dynamics 1 Open Semantic Framework 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6237 1 News Pack Project 1 News Pack 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6234 1 Open Graph Protocol Project 1 Open Graph Protocol 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2187 1 Apache 1 Archiva 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.
CVE-2013-2149 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.
CVE-2014-6215 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-2087 1 Galleryproject 1 Gallery 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to modules/gallery/views/error_admin.html.php.
CVE-2015-0265 1 Apache 1 Ranger 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.
CVE-2014-6196 1 Ibm 3 Lotus Widget Factory, Web Experience Factory, Websphere Dashboard Framework 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.
CVE-2013-2025 1 Ushahidi 1 Ushahidi Platform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3362 1 Video Project 1 Video 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title.
CVE-2014-2589 1 Sonicwall 1 Nsa 2400 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.
CVE-2014-2586 1 Mcafee 1 Cloud Single Sign On 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
CVE-2014-2578 1 Splunk 1 Splunk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2577 1 Bottomline 1 Transform Foundation Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI.