Export limit exceeded: 351754 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46040 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46040 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000032 | 1 Cacti | 1 Cacti | 2025-04-20 | N/A |
| Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | ||||
| CVE-2017-1000033 | 1 Vospari Forms Project | 1 Vospari Forms | 2025-04-20 | N/A |
| Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. | ||||
| CVE-2017-1000035 | 1 Tt-rss | 1 Tiny Tiny Rss | 2025-04-20 | N/A |
| Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack | ||||
| CVE-2016-7813 | 1 Emon-cms | 1 Deraemon-cms | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | ||||
| CVE-2016-7817 | 1 Simple Keitai Chat Project | 1 Simple Keitai Chat | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-4072 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message. | ||||
| CVE-2017-1000038 | 1 Relevanssi | 1 Relevanssi | 2025-04-20 | N/A |
| WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site | ||||
| CVE-2017-15569 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. | ||||
| CVE-2017-9767 | 1 Quali | 1 Cloudshell | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate. | ||||
| CVE-2017-9764 | 1 Metinfo | 1 Metinfo | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | ||||
| CVE-2017-1000042 | 1 Mapbox Project | 1 Mapbox | 2025-04-20 | N/A |
| Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. | ||||
| CVE-2017-15568 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history. | ||||
| CVE-2017-1000043 | 1 Mapbox | 1 Mapbox.js | 2025-04-20 | 6.1 Medium |
| Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control | ||||
| CVE-2016-7823 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-9802 | 1 Apache | 1 Sling Servlets Post | 2025-04-20 | N/A |
| The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. | ||||
| CVE-2017-8762 | 1 Genixcms | 1 Genixcms | 2025-04-20 | N/A |
| GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. | ||||
| CVE-2017-1554 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | N/A |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398. | ||||
| CVE-2017-15538 | 1 Ilias | 1 Ilias | 2025-04-20 | N/A |
| Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php. | ||||
| CVE-2016-1915 | 1 Blackberry | 1 Blackberry Enterprise Service | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. | ||||
| CVE-2017-1553 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | N/A |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397. | ||||