Export limit exceeded: 46971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46971 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6416 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479. | ||||
| CVE-2015-6434 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | N/A |
| Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856. | ||||
| CVE-2015-6751 | 1 Time Tracker Project | 1 Time Tracker | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries. | ||||
| CVE-2015-6752 | 1 Search Api Autocomplete Project | 1 Search Api Autocomplete | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions. | ||||
| CVE-2015-6753 | 1 Quick Edit Project | 1 Quick Edit | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title. | ||||
| CVE-2015-6921 | 1 Zendesk | 1 Zendesk Feedback Tab | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-6939 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-7676 | 1 Ipswitch | 1 Moveit Dmz | 2025-04-12 | N/A |
| Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. | ||||
| CVE-2015-7679 | 1 Ipswitch | 1 Moveit Mobile | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. | ||||
| CVE-2015-7772 | 1 Newphoria Corporation | 1 Applican | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers WebView anchor attachment in an applican application, a different vulnerability than CVE-2015-7771. | ||||
| CVE-2015-7782 | 1 Let\'s Php\! | 1 Frame High-speed Chat | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-7777 | 1 Void Project | 1 Void | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | ||||
| CVE-2015-7783 | 1 Let\'s Php\! | 1 Pbbs | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-7786 | 1 Nttdata | 1 Web Analytics Service | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-7790 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-7822 | 1 Kentico | 1 Kentico Cms | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI. | ||||
| CVE-2016-9891 | 1 Dotclear | 1 Dotclear | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title). | ||||
| CVE-2015-8758 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2015-8759 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field. | ||||
| CVE-2015-8793 | 1 Roundcube | 1 Webmail | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937. | ||||