Export limit exceeded: 46644 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46644 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14717 | 1 Telaxius | 1 Epesi | 2025-04-20 | N/A |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | ||||
| CVE-2017-14718 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | ||||
| CVE-2017-14720 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | ||||
| CVE-2017-8127 | 1 Huawei | 1 Uma | 2025-04-20 | N/A |
| The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | ||||
| CVE-2017-14721 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | ||||
| CVE-2015-8815 | 1 Umbraco | 1 Umbraco | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. | ||||
| CVE-2015-8831 | 1 Dotclear | 1 Dotclear | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | ||||
| CVE-2017-14724 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | ||||
| CVE-2017-6812 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | N/A |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter). | ||||
| CVE-2017-14735 | 1 Antisamy Project | 1 Antisamy | 2025-04-20 | N/A |
| OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. | ||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2025-04-20 | N/A |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | ||||
| CVE-2015-8936 | 1 Squidguard | 1 Squidguard | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. | ||||
| CVE-2017-14751 | 1 Intensewp | 1 Wp Jobs | 2025-04-20 | N/A |
| The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | ||||
| CVE-2017-14752 | 1 Mahara | 1 Mahara | 2025-04-20 | N/A |
| Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara. | ||||
| CVE-2015-8975 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-14753 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php. | ||||
| CVE-2015-9057 | 1 Proxmox | 1 Proxmox Mail Gateway | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. | ||||
| CVE-2017-6558 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2025-04-20 | N/A |
| iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. | ||||
| CVE-2017-17832 | 1 Serverscheck | 1 Monitoring Software | 2025-04-20 | N/A |
| ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | ||||
| CVE-2017-6589 | 1 Epiceditor Project | 1 Epiceditor | 2025-04-20 | N/A |
| EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document. | ||||