Export limit exceeded: 46064 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46064 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2187 | 1 3cx | 1 Live Chat | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-2174 | 1 Ipa | 1 Empirical Project Monitor - Extended | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-14197 | 1 Squiz | 1 Matrix | 2025-04-20 | N/A |
| An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins. | ||||
| CVE-2015-5613 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | ||||
| CVE-2017-5961 | 1 Ionizecms | 1 Ionize | 2025-04-20 | N/A |
| An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-5960 | 1 Phalconeye Project | 1 Phalconeye | 2025-04-20 | N/A |
| An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-5945 | 1 Poodll | 1 Moodle-filter Poodll | 2025-04-20 | N/A |
| An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-1421 | 1 Ibm | 1 Inotes | 2025-04-20 | N/A |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2017-14219 | 1 Intelbras | 2 Wrn 240, Wrn 240 Firmware | 2025-04-20 | N/A |
| XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command. | ||||
| CVE-2017-5942 | 1 Wp Mail Project | 1 Wp Mail | 2025-04-20 | 6.1 Medium |
| An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail. | ||||
| CVE-2017-5900 | 1 Netcomm | 2 Nb16wv-02, Nb16wv-02 Firmware | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm. | ||||
| CVE-2017-5882 | 1 Sanadata | 1 Sanacms | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2017-5877 | 1 Dotcms | 1 Dotcms | 2025-04-20 | N/A |
| XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter. | ||||
| CVE-2017-5876 | 1 Dotcms | 1 Dotcms | 2025-04-20 | N/A |
| XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. | ||||
| CVE-2017-14239 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. | ||||
| CVE-2017-1424 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | N/A |
| IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. | ||||
| CVE-2017-14241 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | ||||
| CVE-2017-5938 | 4 Debian, Opensuse, Opensuse Project and 1 more | 4 Debian Linux, Leap, Leap and 1 more | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | ||||
| CVE-2017-5875 | 1 Dotcms | 1 Dotcms | 2025-04-20 | N/A |
| XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | ||||
| CVE-2017-14268 | 1 Ee | 2 4gee Wifi Mbb, 4gee Wifi Mbb Firmware | 2025-04-20 | N/A |
| EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. | ||||