Export limit exceeded: 363575 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9153 | 1 Services Project | 1 Services | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response. | ||||
| CVE-2012-2592 | 1 Axigen | 1 Axigen Mail Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | ||||
| CVE-2014-7152 | 1 Mailchimp | 1 Easy Mailchimp Forms Plugin | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php. | ||||
| CVE-2014-4195 | 1 Aas9 | 1 Zerocms | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the article_id parameter. | ||||
| CVE-2012-2569 | 1 Synametrics | 1 Xeams | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | ||||
| CVE-2012-2572 | 1 Mindreantre | 1 Threewp Email Reflector | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email. | ||||
| CVE-2014-9146 | 1 Fiyo | 1 Fiyo Cms | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php. | ||||
| CVE-2016-2010 | 1 Hp | 1 Network Node Manager I | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. | ||||
| CVE-2014-9120 | 1 Intelliants | 1 Subrion | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/. | ||||
| CVE-2015-0343 | 1 Adobe | 1 Connect | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2015-0144 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916. | ||||
| CVE-2015-0122 | 1 Ibm | 1 Rational Team Concert | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123. | ||||
| CVE-2015-0109 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108. | ||||
| CVE-2015-0108 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109. | ||||
| CVE-2015-8606 | 1 Silverstripe | 1 Silverstripe | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm. | ||||
| CVE-2015-8603 | 1 S9y | 1 Serendipity | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php. | ||||
| CVE-2015-2289 | 1 S9y | 1 Serendipity | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category. | ||||
| CVE-2015-8510 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking. | ||||
| CVE-2016-1000132 | 1 Cminds | 1 Tooltip Glossary | 2025-04-12 | N/A |
| Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 | ||||
| CVE-2014-7263 | 1 Ultrapop | 1 I-httpd | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261. | ||||