Search Results (46784 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14134 | 1 Maplesoft | 1 Maple T.a. | 2025-04-20 | N/A |
| A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688. | ||||
| CVE-2017-14126 | 1 Xnau | 1 Participants Database | 2025-04-20 | N/A |
| The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | ||||
| CVE-2017-7663 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | ||||
| CVE-2017-5631 | 1 Kmc Information Systems | 1 Caseaware | 2025-04-20 | N/A |
| An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. | ||||
| CVE-2017-14115 | 2 Att, Commscope | 3 U-verse Firmware, Arris Nvg589, Arris Nvg599 | 2025-04-20 | N/A |
| The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | ||||
| CVE-2017-16956 | 1 Symphony Project | 1 Symphony | 2025-04-20 | N/A |
| b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. | ||||
| CVE-2017-1000160 | 1 Expressionengine | 1 Expressionengine | 2025-04-20 | N/A |
| EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection. | ||||
| CVE-2017-6067 | 1 Getsymphony | 1 Symphony | 2025-04-20 | N/A |
| Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | ||||
| CVE-2016-1215 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | ||||
| CVE-2016-1216 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | ||||
| CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | ||||
| CVE-2017-9816 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-12928 | 1 Tecnovision | 1 Dlx Spot Player4 | 2025-04-20 | N/A |
| A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials. | ||||
| CVE-2017-9813 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2025-04-20 | N/A |
| In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). | ||||
| CVE-2017-1363 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | N/A |
| IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856. | ||||
| CVE-2017-6061 | 1 Sap | 1 Businessobjects Financial Consolidation | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. | ||||
| CVE-2017-6103 | 1 Anyvar Project | 1 Anyvar | 2025-04-20 | N/A |
| Persistent XSS vulnerability in WordPress plugin AnyVar v0.1.1. | ||||
| CVE-2017-6053 | 1 Trihedral | 1 Vtscada | 2025-04-20 | N/A |
| A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser. | ||||
| CVE-2017-1000078 | 1 Onosproject | 1 Onos | 2025-04-20 | 6.1 Medium |
| Linux Foundation ONOS 1.9 is vulnerable to XSS in the device registration. | ||||
| CVE-2017-7725 | 1 Concretecms | 1 Concrete Cms | 2025-04-20 | 6.1 Medium |
| concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector. | ||||