Export limit exceeded: 46064 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46064 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5751 | 1 Netiq | 1 Access Manager | 2025-04-20 | N/A |
| An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials. | ||||
| CVE-2017-5875 | 1 Dotcms | 1 Dotcms | 2025-04-20 | N/A |
| XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | ||||
| CVE-2016-5756 | 1 Netiq | 1 Access Manager | 2025-04-20 | N/A |
| Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp. | ||||
| CVE-2016-9746 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2025-04-20 | N/A |
| IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821. | ||||
| CVE-2016-9747 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Engineering Lifecycle Manager | 2025-04-20 | N/A |
| IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2017-16721 | 1 Geovap | 1 Reliance-scada | 2025-04-20 | 6.1 Medium |
| A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. | ||||
| CVE-2017-5164 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2025-04-20 | N/A |
| An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING). | ||||
| CVE-2017-5157 | 2 Schneider-electric, Schneider Electric | 2 Homelynk Controller Lss100100, Homelynk Controller Lss100100 Firmware | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. | ||||
| CVE-2017-13986 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | N/A |
| A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | ||||
| CVE-2017-16866 | 1 Finecms | 1 Finecms | 2025-04-20 | N/A |
| dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. | ||||
| CVE-2017-1000005 | 1 Phpminiadmin Project | 1 Phpminiadmin | 2025-04-20 | N/A |
| PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). | ||||
| CVE-2017-1000011 | 1 Mywebsql | 1 Mywebsql | 2025-04-20 | N/A |
| MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information | ||||
| CVE-2017-1000012 | 1 Mysqldumper | 1 Mysqldumper | 2025-04-20 | N/A |
| MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user | ||||
| CVE-2017-1000015 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | N/A |
| phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters | ||||
| CVE-2017-5833 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2017-5832 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | ||||
| CVE-2015-3998 | 2 Clickfraud-monitoring, Phpwhois Project | 2 Adsense-click-fraud-monitoring, Phpwhois | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php. | ||||
| CVE-2017-5085 | 3 Apple, Google, Redhat | 3 Iphone Os, Chrome, Rhel Extras | 2025-04-20 | N/A |
| Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark. | ||||
| CVE-2016-7650 | 1 Apple | 2 Iphone Os, Safari | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site. | ||||
| CVE-2017-1000023 | 1 Logicaldoc | 1 Logicaldoc | 2025-04-20 | N/A |
| LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. | ||||