Search Results (46644 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9072 | 1 Calendarxp | 2 Flatcalendarxp, Popcalendarxp | 2025-04-20 | N/A |
| Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm. | ||||
| CVE-2017-9085 | 1 Kodak | 1 Insite | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp. | ||||
| CVE-2017-9132 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2025-04-20 | N/A |
| A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface. | ||||
| CVE-2017-9361 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | N/A |
| WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | ||||
| CVE-2017-9145 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2025-04-20 | N/A |
| TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. | ||||
| CVE-2017-9508 | 1 Atlassian | 2 Crucible, Fisheye | 2025-04-20 | N/A |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. | ||||
| CVE-2017-9523 | 1 Sophos | 1 Web Appliance | 2025-04-20 | N/A |
| The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | ||||
| CVE-2017-9537 | 1 Solarwinds | 1 Network Performance Monitor | 2025-04-20 | N/A |
| Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. | ||||
| CVE-2017-9546 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. | ||||
| CVE-2017-9548 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). | ||||
| CVE-2017-9556 | 1 Synology | 1 Video Station | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. | ||||
| CVE-2017-9609 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | ||||
| CVE-2017-9613 | 1 Sap | 1 Successfactors | 2025-04-20 | N/A |
| Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. | ||||
| CVE-2017-9621 | 1 Epesi | 1 Epesi | 2025-04-20 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. | ||||
| CVE-2017-9622 | 1 Epesi | 1 Epesi | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. | ||||
| CVE-2017-9623 | 1 Epesi | 1 Epesi | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. | ||||
| CVE-2017-9624 | 1 Epesi | 1 Epesi | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. | ||||
| CVE-2017-9674 | 1 Simplece | 1 Simplece | 2025-04-20 | N/A |
| In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. | ||||
| CVE-2017-9979 | 1 Osnexus | 1 Quantastor | 2025-04-20 | N/A |
| On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS. | ||||
| CVE-2017-9555 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | ||||