Export limit exceeded: 46786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5945 | 1 Poodll | 1 Moodle-filter Poodll | 2025-04-20 | N/A |
| An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-5960 | 1 Phalconeye Project | 1 Phalconeye | 2025-04-20 | N/A |
| An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-5961 | 1 Ionizecms | 1 Ionize | 2025-04-20 | N/A |
| An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-5963 | 1 Caddy Project | 1 Caddy | 2025-04-20 | N/A |
| An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-5964 | 1 Openenergymonitor | 1 Emoncms | 2025-04-20 | 6.1 Medium |
| An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-5998 | 1 Intersect Alliance | 1 Snare Epilog | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a "Web Admin Portal > Log Configuration > Add" action. | ||||
| CVE-2017-6003 | 1 Dotcms | 1 Dotcms | 2025-04-20 | N/A |
| dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | ||||
| CVE-2017-6811 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | N/A |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter). | ||||
| CVE-2017-6053 | 1 Trihedral | 1 Vtscada | 2025-04-20 | N/A |
| A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser. | ||||
| CVE-2017-6103 | 1 Anyvar Project | 1 Anyvar | 2025-04-20 | N/A |
| Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. | ||||
| CVE-2017-6061 | 1 Sap | 1 Businessobjects Financial Consolidation | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. | ||||
| CVE-2017-6067 | 1 Getsymphony | 1 Symphony | 2025-04-20 | N/A |
| Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | ||||
| CVE-2017-6099 | 1 Paypal | 1 Merchant-sdk-php | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. | ||||
| CVE-2017-6102 | 1 Rockhoist Badges Project | 1 Rockhoist Badges Plugin | 2025-04-20 | N/A |
| Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. | ||||
| CVE-2017-6392 | 1 Kaltura | 1 Kaltura Server | 2025-04-20 | N/A |
| An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6390 | 1 Soruly | 1 Whatanime.ga | 2025-04-20 | N/A |
| An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6391 | 1 Kaltura | 1 Kaltura Server | 2025-04-20 | N/A |
| An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6395 | 1 Hashover Project | 1 Hashover | 2025-04-20 | N/A |
| An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6397 | 1 Flightairmap | 1 Flightairmap | 2025-04-20 | 6.1 Medium |
| An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6403 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | N/A |
| An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. | ||||