Export limit exceeded: 46786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3408 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813. | ||||
| CVE-2017-14712 | 1 Telaxius | 1 Epesi | 2025-04-20 | N/A |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | ||||
| CVE-2017-14713 | 1 Telaxius | 1 Epesi | 2025-04-20 | N/A |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | ||||
| CVE-2017-14714 | 1 Telaxius | 1 Epesi | 2025-04-20 | N/A |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | ||||
| CVE-2016-5078 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | N/A |
| Paessler PRTG before 16.2.24.4045 has XSS via SNMP. | ||||
| CVE-2017-14717 | 1 Telaxius | 1 Epesi | 2025-04-20 | N/A |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | ||||
| CVE-2017-14718 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | ||||
| CVE-2017-1591 | 1 Ibm | 1 Datapower Gateway | 2025-04-20 | N/A |
| IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368. | ||||
| CVE-2017-14720 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | ||||
| CVE-2017-14721 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | ||||
| CVE-2017-15909 | 1 Dlink | 2 Dgs-1500, Dgs-1500 Firmware | 2025-04-20 | N/A |
| D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | ||||
| CVE-2016-5077 | 1 Netikus | 1 Eventsentry | 2025-04-20 | N/A |
| Netikus EventSentry before 3.2.1.44 has XSS via SNMP. | ||||
| CVE-2015-8815 | 1 Umbraco | 1 Umbraco | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. | ||||
| CVE-2015-8831 | 1 Dotclear | 1 Dotclear | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | ||||
| CVE-2017-14724 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | ||||
| CVE-2017-15892 | 1 Synology | 1 Chat | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | ||||
| CVE-2017-6812 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | N/A |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter). | ||||
| CVE-2017-14735 | 1 Antisamy Project | 1 Antisamy | 2025-04-20 | N/A |
| OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. | ||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2025-04-20 | N/A |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | ||||
| CVE-2015-8936 | 1 Squidguard | 1 Squidguard | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. | ||||