Export limit exceeded: 46646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-13994 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2025-04-20 | N/A |
| A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link. | ||||
| CVE-2017-14618 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | ||||
| CVE-2017-14506 | 1 Geminabox Project | 1 Geminabox | 2025-04-20 | 5.4 Medium |
| geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | ||||
| CVE-2014-8703 | 1 Wondercms | 1 Wondercms | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2014-8707 | 1 Pluck-cms | 1 Pluck | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. | ||||
| CVE-2017-14498 | 1 Silverstripe | 1 Silverstripe | 2025-04-20 | N/A |
| SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | ||||
| CVE-2016-0265 | 1 Ibm | 1 Campaign | 2025-04-20 | N/A |
| IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2017-6393 | 1 Nagvis | 1 Nagvis | 2025-04-20 | N/A |
| An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2016-10203 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | ||||
| CVE-2016-5226 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | ||||
| CVE-2017-14615 | 1 Watchguard | 1 Fireware | 2025-04-20 | N/A |
| An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. | ||||
| CVE-2015-9056 | 1 Elastic | 1 Kibana | 2025-04-20 | N/A |
| Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | ||||
| CVE-2015-2690 | 1 Digium | 1 Addons Module | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php. | ||||
| CVE-2014-8753 | 1 Cit-e-net | 1 Cit-e-access | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6. | ||||
| CVE-2014-8758 | 1 Tech-banker | 1 Gallery Bank | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. | ||||
| CVE-2017-1447 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | N/A |
| IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172. | ||||
| CVE-2017-1446 | 1 Ibm | 1 Emptoris Spend Analysis | 2025-04-20 | 5.4 Medium |
| IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171. | ||||
| CVE-2017-14219 | 1 Intelbras | 2 Wrn 240, Wrn 240 Firmware | 2025-04-20 | N/A |
| XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command. | ||||
| CVE-2017-4940 | 1 Vmware | 1 Esxi | 2025-04-20 | 6.1 Medium |
| The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client. | ||||
| CVE-2017-1461 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | N/A |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460. | ||||