Search Results (46784 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6973 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | N/A |
| A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2. | ||||
| CVE-2017-7038 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2025-04-20 | N/A |
| A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | ||||
| CVE-2017-7296 | 1 Contiki-os | 1 Contiki | 2025-04-20 | N/A |
| An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection. | ||||
| CVE-2017-7298 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | ||||
| CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | N/A |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | ||||
| CVE-2017-7359 | 1 Lucidcrew | 1 Pixie | 2025-04-20 | N/A |
| Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | ||||
| CVE-2017-7360 | 1 Lucidcrew | 1 Pixie | 2025-04-20 | N/A |
| Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | ||||
| CVE-2017-7361 | 1 Lucidcrew | 1 Pixie | 2025-04-20 | N/A |
| Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | ||||
| CVE-2017-7362 | 1 Lucidcrew | 1 Pixie | 2025-04-20 | N/A |
| Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | ||||
| CVE-2017-7363 | 1 Lucidcrew | 1 Pixie | 2025-04-20 | N/A |
| Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | ||||
| CVE-2017-16881 | 1 Symphony Project | 1 Symphony | 2025-04-20 | N/A |
| b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. | ||||
| CVE-2017-7384 | 1 Flipbuilder | 1 Flip Pdf | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. | ||||
| CVE-2017-7386 | 1 Symetrie Project | 1 Symetrie | 2025-04-20 | N/A |
| citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | ||||
| CVE-2017-7387 | 1 Helpmewatchwho Project | 1 Helpmewatchwho | 2025-04-20 | N/A |
| TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). | ||||
| CVE-2017-7389 | 1 Openeclass | 1 Openeclass | 2025-04-20 | 6.1 Medium |
| Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-7400 | 2 Openstack, Redhat | 2 Horizon, Openstack | 2025-04-20 | N/A |
| OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | ||||
| CVE-2017-7409 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | N/A |
| Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. | ||||
| CVE-2017-7416 | 1 Ntop | 1 Ntopng | 2025-04-20 | N/A |
| ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. | ||||
| CVE-2017-7425 | 1 Netiq | 1 Imanager | 2025-04-20 | N/A |
| Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. | ||||
| CVE-2017-9441 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 2.7 Low |
| Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | ||||