Export limit exceeded: 46019 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46019 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17940 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2025-04-20 | N/A |
| PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | ||||
| CVE-2016-4883 | 1 Basercms | 1 Basercms | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-1282 | 1 Ibm | 1 Content Navigator | 2025-04-20 | N/A |
| IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760. | ||||
| CVE-2017-10667 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | N/A |
| In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | ||||
| CVE-2016-4930 | 1 Juniper | 1 Junos Space | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. | ||||
| CVE-2016-9408 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users. | ||||
| CVE-2016-5902 | 1 Ibm | 9 Maximo Asset Management, Maximo For Aviation, Maximo For Energy Optimization and 6 more | 2025-04-20 | N/A |
| IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2015-8862 | 1 Mustache.js Project | 1 Mustache.js | 2025-04-20 | N/A |
| mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | ||||
| CVE-2017-17832 | 1 Serverscheck | 1 Monitoring Software | 2025-04-20 | N/A |
| ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | ||||
| CVE-2015-8864 | 2 Opensuse, Roundcube | 4 Leap, Opensuse, Roundcube Webmail and 1 more | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. | ||||
| CVE-2017-1000063 | 1 Kitto Project | 1 Kitto | 2025-04-20 | N/A |
| kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | ||||
| CVE-2016-9409 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs. | ||||
| CVE-2017-12812 | 1 Stivasoft | 1 Phpjabbers Night Club Booking Software | 2025-04-20 | N/A |
| PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | ||||
| CVE-2017-17948 | 1 Cells | 1 Blog | 2025-04-20 | N/A |
| Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | ||||
| CVE-2016-4888 | 1 Zohocorp | 1 Servicedesk Plus | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-12811 | 1 Stivasoft | 1 Phpjabbers Star Rating Script | 2025-04-20 | N/A |
| PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | ||||
| CVE-2016-8935 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483. | ||||
| CVE-2015-0674 | 1 Cisco | 1 Cloud Web Security | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2017-1140 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | N/A |
| IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2014-7240 | 1 Formget | 1 Easy Contact Form Solution | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. | ||||