Export limit exceeded: 359602 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359602 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359602 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4377 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. | ||||
| CVE-2012-4567 | 1 Letodms Project | 1 Letodms | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php. | ||||
| CVE-2017-11163 | 1 Cacti | 1 Cacti | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | ||||
| CVE-2012-4569 | 1 Letodms Project | 1 Letodms | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-1485 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | N/A |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. | ||||
| CVE-2017-11180 | 1 Finecms Project | 1 Finecms | 2025-04-20 | N/A |
| FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen. | ||||
| CVE-2017-11181 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-20 | N/A |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | ||||
| CVE-2017-11182 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-20 | N/A |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | ||||
| CVE-2017-11194 | 1 Pulsesecure | 1 Pulse Connect Secure | 2025-04-20 | N/A |
| Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc. | ||||
| CVE-2016-9696 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | N/A |
| IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960. | ||||
| CVE-2017-11202 | 1 Finecms Project | 1 Finecms | 2025-04-20 | N/A |
| FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180. | ||||
| CVE-2016-5055 | 1 Osram | 1 Lightify Pro | 2025-04-20 | N/A |
| OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. | ||||
| CVE-2016-9701 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2025-04-20 | N/A |
| IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529. | ||||
| CVE-2016-5073 | 1 Cloudviewnms | 1 Cloudview Nms | 2025-04-20 | N/A |
| CloudView NMS before 2.10a has XSS via SNMP. | ||||
| CVE-2012-5636 | 1 Apache | 1 Wicket | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response. | ||||
| CVE-2016-5075 | 1 Cloudviewnms | 1 Cloudview Nms | 2025-04-20 | N/A |
| CloudView NMS before 2.10a has XSS via a TELNET login. | ||||
| CVE-2016-8999 | 1 Ibm | 3 Infosphere Datastage, Infosphere Information Server, Infosphere Information Server On Cloud | 2025-04-20 | N/A |
| IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS. | ||||
| CVE-2016-9006 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | N/A |
| IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264. | ||||
| CVE-2014-7240 | 1 Formget | 1 Easy Contact Form Solution | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. | ||||
| CVE-2016-5364 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. | ||||