Export limit exceeded: 363350 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47132 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3374 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. | ||||
| CVE-2015-5063 | 1 Silverstripe | 1 Silverstripe | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php. | ||||
| CVE-2014-3375 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. | ||||
| CVE-2015-5061 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. | ||||
| CVE-2015-8834 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440. | ||||
| CVE-2015-6061 | 1 Microsoft | 3 Lync, Lync Room System, Skype For Business | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information Disclosure Vulnerability." | ||||
| CVE-2015-1459 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | ||||
| CVE-2015-0787 | 1 Netiq | 1 Identity Manager | 2025-04-12 | N/A |
| XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | ||||
| CVE-2015-3440 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. | ||||
| CVE-2015-6346 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2015-2768 | 1 Websense | 2 Triton Ap Email, V-series Appliances | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-2764 | 1 Websense | 1 Triton Ap Data | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog. | ||||
| CVE-2015-2760 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-6349 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2012-5650 | 1 Apache | 1 Couchdb | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite. | ||||
| CVE-2015-4210 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. | ||||
| CVE-2015-2747 | 1 Websense | 2 Triton, V-series Appliances | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy. | ||||
| CVE-2014-0571 | 1 Adobe | 1 Coldfusion | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5992 | 1 Philippine Long Distance Telephone | 4 Kasda Kw58293, Kasda Kw58293 Firmware, Speedsurf 504an and 1 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter. | ||||
| CVE-2015-2217 | 1 Myupb | 1 Ultimate Php Board | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php. | ||||