Search Results (46645 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5621 | 1 Zammad | 1 Zammad | 2025-04-20 | N/A |
| An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API. | ||||
| CVE-2017-5998 | 1 Intersect Alliance | 1 Snare Epilog | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a "Web Admin Portal > Log Configuration > Add" action. | ||||
| CVE-2017-6003 | 1 Dotcms | 1 Dotcms | 2025-04-20 | N/A |
| dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | ||||
| CVE-2017-6811 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | N/A |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter). | ||||
| CVE-2017-6053 | 1 Trihedral | 1 Vtscada | 2025-04-20 | N/A |
| A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser. | ||||
| CVE-2017-6103 | 1 Anyvar Project | 1 Anyvar | 2025-04-20 | N/A |
| Persistent XSS Vulnerability in WordPress plugin AnyVar v0.1.1. | ||||
| CVE-2017-6061 | 1 Sap | 1 Businessobjects Financial Consolidation | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. | ||||
| CVE-2017-6067 | 1 Getsymphony | 1 Symphony | 2025-04-20 | N/A |
| Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | ||||
| CVE-2017-6099 | 1 Paypal | 1 Merchant-sdk-php | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. | ||||
| CVE-2017-6102 | 1 Rockhoist Badges Project | 1 Rockhoist Badges Plugin | 2025-04-20 | N/A |
| Persistent XSS in WordPress plugin rockhoist-badges v1.2.2. | ||||
| CVE-2017-6443 | 1 Epson | 1 Tmnet Webconfig | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. | ||||
| CVE-2017-6446 | 1 Dotclear | 1 Dotclear | 2025-04-20 | N/A |
| XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. | ||||
| CVE-2017-6479 | 1 Fenix Hosting | 1 Fenix-open-source | 2025-04-20 | N/A |
| FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter). | ||||
| CVE-2017-6480 | 1 Groovel Project | 1 Cmsgroovel | 2025-04-20 | N/A |
| groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter). | ||||
| CVE-2017-6483 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
| Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6484 | 1 Inter-mediator | 1 Inter-mediator | 2025-04-20 | 6.1 Medium |
| Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6485 | 1 Php-calendar | 1 Php-calendar | 2025-04-20 | N/A |
| A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6486 | 1 Reasoncms | 1 Reasoncms | 2025-04-20 | N/A |
| A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6487 | 1 Epesi | 1 Epesi | 2025-04-20 | 6.1 Medium |
| Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6489 | 1 Epesi | 1 Epesi | 2025-04-20 | 6.1 Medium |
| Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||