Export limit exceeded: 46792 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46792 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3113 | 1 Redhat | 1 Ovirt-engine | 2025-04-20 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2017-14721 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | ||||
| CVE-2016-6030 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | N/A |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2016-1216 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | ||||
| CVE-2015-8815 | 1 Umbraco | 1 Umbraco | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. | ||||
| CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | ||||
| CVE-2017-7725 | 1 Concretecms | 1 Concrete Cms | 2025-04-20 | 6.1 Medium |
| concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector. | ||||
| CVE-2015-8831 | 1 Dotclear | 1 Dotclear | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | ||||
| CVE-2015-9057 | 1 Proxmox | 1 Proxmox Mail Gateway | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. | ||||
| CVE-2016-6022 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | N/A |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. | ||||
| CVE-2015-9056 | 1 Elastic | 1 Kibana | 2025-04-20 | N/A |
| Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | ||||
| CVE-2017-14724 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | ||||
| CVE-2017-15273 | 1 Mahara | 1 Mahara | 2025-04-20 | N/A |
| Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts. | ||||
| CVE-2017-6812 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | N/A |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter). | ||||
| CVE-2017-14735 | 1 Antisamy Project | 1 Antisamy | 2025-04-20 | N/A |
| OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. | ||||
| CVE-2016-6000 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | N/A |
| IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2025-04-20 | N/A |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | ||||
| CVE-2015-8936 | 1 Squidguard | 1 Squidguard | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. | ||||
| CVE-2017-14751 | 1 Intensewp | 1 Wp Jobs | 2025-04-20 | N/A |
| The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | ||||
| CVE-2017-14752 | 1 Mahara | 1 Mahara | 2025-04-20 | N/A |
| Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara. | ||||