| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. |
| Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php. |
| Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197. |
| Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page. |
| Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. |
| Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php. |
| Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch. |
| Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING. |
| Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than CVE-2014-7263. |
| Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string. |
| Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267. |
| Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll. |