Search Results (46051 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10676 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2025-04-20 | N/A |
| On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | ||||
| CVE-2017-15736 | 1 Spip | 1 Spip | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php. | ||||
| CVE-2017-10711 | 1 Simplerisk | 1 Simplerisk | 2025-04-20 | N/A |
| In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter. | ||||
| CVE-2017-10801 | 1 Phpsocial | 1 Phpsocial | 2025-04-20 | N/A |
| phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI. | ||||
| CVE-2017-10837 | 1 Backup-guard | 1 Backup Guard | 2025-04-20 | 6.1 Medium |
| Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-10838 | 1 Seopanel | 1 Seo Panel | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-10886 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-10896 | 1 Buffalo | 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Buffalo BBR-4HG and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-1096 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | N/A |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656. | ||||
| CVE-2017-10962 | 1 Vanderbilt | 1 Redcap | 2025-04-20 | N/A |
| REDCap before 7.5.1 has XSS via the query string. | ||||
| CVE-2017-10970 | 1 Cacti | 1 Cacti | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. | ||||
| CVE-2017-17431 | 1 Genixcms | 1 Genixcms | 2025-04-20 | N/A |
| GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765. | ||||
| CVE-2017-10975 | 1 Lutim Project | 1 Lutim | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename. | ||||
| CVE-2017-1098 | 1 Ibm | 1 Emptoris Supplier Lifecycle Management | 2025-04-20 | N/A |
| IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658. | ||||
| CVE-2017-10991 | 1 Wp-statistics | 1 Wp Statistics | 2025-04-20 | N/A |
| The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. | ||||
| CVE-2017-1100 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | N/A |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661. | ||||
| CVE-2017-1101 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | N/A |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662. | ||||
| CVE-2017-1102 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | N/A |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663. | ||||
| CVE-2017-11026 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys. | ||||
| CVE-2017-11127 | 1 Boltcms | 1 Bolt | 2025-04-20 | N/A |
| Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | ||||