Export limit exceeded: 46645 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46645 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9140 | 1 Progress | 2 Sitefinity Cms, Telerik Reporting | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | ||||
| CVE-2017-9288 | 1 Raygun | 1 Raygun4wp | 2025-04-20 | N/A |
| The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | ||||
| CVE-2017-5367 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | N/A |
| Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others). | ||||
| CVE-2016-7981 | 1 Spip | 1 Spip | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. | ||||
| CVE-2017-6814 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | N/A |
| In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. | ||||
| CVE-2017-15888 | 1 Synology | 1 Audio Station | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. | ||||
| CVE-2017-5870 | 1 Vimbadmin | 1 Vimbadmin | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password. | ||||
| CVE-2017-12844 | 1 Icewarp | 1 Mail Server | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. | ||||
| CVE-2017-13671 | 1 Misp | 1 Misp | 2025-04-20 | N/A |
| app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. | ||||
| CVE-2017-3165 | 1 Apache | 1 Brooklyn | 2025-04-20 | N/A |
| In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability. | ||||
| CVE-2017-8550 | 1 Microsoft | 1 Office | 2025-04-20 | N/A |
| A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". | ||||
| CVE-2017-8758 | 1 Microsoft | 1 Exchange Server | 2025-04-20 | 6.1 Medium |
| Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." | ||||
| CVE-2016-8751 | 1 Apache | 1 Ranger | 2025-04-20 | N/A |
| Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies. | ||||
| CVE-2017-7233 | 2 Djangoproject, Redhat | 4 Django, Openstack, Satellite and 1 more | 2025-04-20 | N/A |
| Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. | ||||
| CVE-2016-9126 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | N/A |
| Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account. | ||||
| CVE-2016-9371 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2025-04-20 | N/A |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING). | ||||
| CVE-2016-10203 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | ||||
| CVE-2017-12272 | 1 Cisco | 1 Ios Xe | 2025-04-20 | N/A |
| A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvb09516. | ||||
| CVE-2017-12257 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | N/A |
| A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608. | ||||
| CVE-2017-12221 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-20 | N/A |
| A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the affected system. Cisco Bug IDs: CSCvc38983. | ||||