Export limit exceeded: 46043 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46043 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16856 | 1 Atlassian | 1 Confluence | 2025-04-20 | N/A |
| The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme. | ||||
| CVE-2017-9419 | 1 Webhammer | 1 Wp Custom Fields Search | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | ||||
| CVE-2017-1688 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | N/A |
| IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063. | ||||
| CVE-2017-16880 | 1 Whoops Project | 1 Whoops | 2025-04-20 | N/A |
| The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. | ||||
| CVE-2017-9441 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 2.7 Low |
| Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files. | ||||
| CVE-2017-16881 | 1 Symphony Project | 1 Symphony | 2025-04-20 | N/A |
| b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. | ||||
| CVE-2017-16884 | 1 Mistserver | 1 Mistserver | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | ||||
| CVE-2017-1689 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | N/A |
| IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134064. | ||||
| CVE-2016-7808 | 1 Corega | 4 Cg-wlbaragm Firmware, Cg-wlbargmh, Cg-wlbargnl and 1 more | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-7810 | 1 Corega | 2 Cg-wlr300nx, Cg-wlr300nx Firmware | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-16907 | 1 Horde | 1 Groupware | 2025-04-20 | N/A |
| In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | ||||
| CVE-2017-16908 | 1 Horde | 1 Groupware | 2025-04-20 | N/A |
| In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. | ||||
| CVE-2017-16919 | 1 Mapos Project | 1 Mapos | 2025-04-20 | N/A |
| MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description parameter. | ||||
| CVE-2017-9451 | 1 Flatcore | 1 Flatcore | 2025-04-20 | N/A |
| Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | ||||
| CVE-2017-9488 | 1 Cisco | 4 Dpc3939, Dpc3939 Firmware, Dpc3941t and 1 more | 2025-04-20 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet. | ||||
| CVE-2016-8356 | 1 Kabona Ab | 1 Webdatorcentral | 2025-04-20 | N/A |
| An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. | ||||
| CVE-2017-16950 | 1 Urbackup | 1 Urbackup Server | 2025-04-20 | N/A |
| Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2017-9509 | 1 Atlassian | 2 Crucible, Fisheye | 2025-04-20 | N/A |
| The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. | ||||
| CVE-2017-9510 | 1 Atlassian | 1 Fisheye | 2025-04-20 | N/A |
| The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. | ||||
| CVE-2017-9516 | 1 Craftcms | 1 Craft Cms | 2025-04-20 | N/A |
| Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. | ||||