Search Results (47133 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1000152 1 Tidio-form Project 1 Tidio-form 2025-04-12 N/A
Reflected XSS in wordpress plugin tidio-form v1.0
CVE-2016-1000147 1 Recipes-writer Project 1 Recipes-writer 2025-04-12 N/A
Reflected XSS in wordpress plugin recipes-writer v1.0.4
CVE-2015-8757 1 Typo3 1 Typo3 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.
CVE-2014-5441 1 Fatfreecrm 1 Fat Free Crm 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action.
CVE-2011-5296 1 Tuttophp 1 Happy Chat 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter.
CVE-2011-5287 1 Hesk 1 Hesk 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) inc/assignment_search.inc.php, (4) inc/attachments.inc.php, (5) inc/common.inc.php, (6) inc/database.inc.php, (7) inc/prepare_ticket_search.inc.php, (8) inc/print_tickets.inc.php, (9) inc/show_admin_nav.inc.php, (10) inc/show_search_form.inc.php, or (11) inc/ticket_list.inc.php; or (12) the PATH_INFO to language/en/text.php.
CVE-2011-5283 1 Smoothwall 1 Smoothwall 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action.
CVE-2014-9059 1 Moodle 1 Moodle 2025-04-12 N/A
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.
CVE-2016-4363 1 Hp 1 Insight Control Server Deployment 2025-04-12 N/A
HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.
CVE-2014-3628 1 Apache 1 Solr 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.
CVE-2016-2994 1 Ibm 1 Urbancode Deploy 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4563 1 Url Cloak \& Encrypt Project 1 Url Cloak \& Encrypt 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2014-5188 1 Lyris 1 List Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter.
CVE-2016-6204 1 Siemens 1 Sinema Remote Connect Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-5190 1 Si Captcha Anti-spam Project 1 Si Captcha Anti-spam 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2014-5191 1 Ckeditor 1 Ckeditor 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7771 1 Newphoria Corporation 1 Applican 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID that is encountered by an applican application, a different vulnerability than CVE-2015-7772.
CVE-2014-5196 1 Improved User Search In Backend Project 1 Improved User Search In Backend 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in improved-user-search-in-backend.php in the backend in the Improved user search in backend plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that insert XSS sequences via the iusib_meta_fields parameter.
CVE-2014-5198 1 Splunk 1 Splunk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
CVE-2016-2991 1 Ibm 1 Lotus Protector For Mail Security 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.