Search Results (46605 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12813 | 1 Stivasoft | 1 Phpjabbers File Sharing Script | 2025-04-20 | N/A |
| PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | ||||
| CVE-2017-5673 | 1 Kunena | 1 Kunena | 2025-04-20 | N/A |
| In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5. | ||||
| CVE-2017-12879 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | N/A |
| Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2015-5282 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. | ||||
| CVE-2017-14134 | 1 Maplesoft | 1 Maple T.a. | 2025-04-20 | N/A |
| A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688. | ||||
| CVE-2017-12882 | 1 Spring Batch Admin Project | 1 Spring Batch Admin | 2025-04-20 | N/A |
| Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. | ||||
| CVE-2017-14126 | 1 Xnau | 1 Participants Database | 2025-04-20 | N/A |
| The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | ||||
| CVE-2017-12906 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. | ||||
| CVE-2017-12347 | 1 Cisco | 1 Data Center Network Manager | 2025-04-20 | N/A |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | ||||
| CVE-2017-12907 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | N/A |
| Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. | ||||
| CVE-2017-10801 | 1 Phpsocial | 1 Phpsocial | 2025-04-20 | N/A |
| phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI. | ||||
| CVE-2017-5631 | 1 Kmc Information Systems | 1 Caseaware | 2025-04-20 | N/A |
| An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. | ||||
| CVE-2017-9451 | 1 Flatcore | 1 Flatcore | 2025-04-20 | N/A |
| Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | ||||
| CVE-2017-16919 | 1 Mapos Project | 1 Mapos | 2025-04-20 | N/A |
| MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description parameter. | ||||
| CVE-2017-16908 | 1 Horde | 1 Groupware | 2025-04-20 | N/A |
| In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. | ||||
| CVE-2017-16907 | 1 Horde | 1 Groupware | 2025-04-20 | N/A |
| In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | ||||
| CVE-2017-1688 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | N/A |
| IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063. | ||||
| CVE-2017-14115 | 2 Att, Commscope | 3 U-verse Firmware, Arris Nvg589, Arris Nvg599 | 2025-04-20 | N/A |
| The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | ||||
| CVE-2017-12971 | 1 Apache2triad | 1 Apache2triad | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. | ||||
| CVE-2017-14049 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | N/A |
| In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | ||||