Export limit exceeded: 25889 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46644 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46644 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8763 | 1 Telaxius | 1 Epesi | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter. | ||||
| CVE-2017-8762 | 1 Genixcms | 1 Genixcms | 2025-04-20 | N/A |
| GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. | ||||
| CVE-2017-8745 | 1 Microsoft | 1 Sharepoint Foundation | 2025-04-20 | N/A |
| An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability". | ||||
| CVE-2017-8832 | 1 Allen Disk Project | 1 Allen Disk | 2025-04-20 | N/A |
| Allen Disk 1.6 has XSS in the id parameter to downfile.php. | ||||
| CVE-2017-8654 | 1 Microsoft | 1 Sharepoint Server | 2025-04-20 | N/A |
| Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability". | ||||
| CVE-2017-8629 | 1 Microsoft | 1 Sharepoint Server | 2025-04-20 | N/A |
| Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". | ||||
| CVE-2017-8559 | 1 Microsoft | 1 Exchange Server | 2025-04-20 | N/A |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. | ||||
| CVE-2017-8551 | 1 Microsoft | 1 Project Server | 2025-04-20 | N/A |
| An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". | ||||
| CVE-2017-8560 | 1 Microsoft | 1 Exchange Server | 2025-04-20 | N/A |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559. | ||||
| CVE-2017-8514 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2025-04-20 | N/A |
| An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". | ||||
| CVE-2017-8801 | 1 Trendmicro | 1 Officescan | 2025-04-20 | N/A |
| Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | ||||
| CVE-2017-8439 | 1 Elastic | 1 Kibana | 2025-04-20 | N/A |
| Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. | ||||
| CVE-2017-8384 | 1 Craftcms | 1 Craft Cms | 2025-04-20 | N/A |
| Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. | ||||
| CVE-2017-8376 | 1 Genixcms | 1 Genixcms | 2025-04-20 | N/A |
| GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. | ||||
| CVE-2017-8304 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | N/A |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. | ||||
| CVE-2017-8298 | 1 Cnvs | 1 Canvas | 2025-04-20 | N/A |
| cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. | ||||
| CVE-2017-8224 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2025-04-20 | N/A |
| Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. | ||||
| CVE-2017-8139 | 1 Huawei | 1 Hedex Lite | 2025-04-20 | N/A |
| HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. | ||||
| CVE-2017-8127 | 1 Huawei | 1 Uma | 2025-04-20 | N/A |
| The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | ||||
| CVE-2017-8125 | 1 Huawei | 1 Uma | 2025-04-20 | N/A |
| The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | ||||