Export limit exceeded: 47006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47006 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3591 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.
CVE-2016-6641 1 Emc 1 Vipr Srm 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3978 1 Fortinet 1 Fortios 2025-04-12 N/A
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."
CVE-2016-6643 1 Emc 1 Vipr Srm 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0891 1 Puppet 2 Puppet Dashboard, Puppet Enterprise 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
CVE-2016-5398 1 Redhat 3 Jboss Bpm Suite, Jboss Bpms, Jboss Enterprise Brms Platform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
CVE-2016-2046 1 Sophos 1 Unified Threat Management Software 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2016-3379 1 Microsoft 1 Exchange Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."
CVE-2016-5265 3 Mozilla, Oracle, Redhat 3 Firefox, Linux, Enterprise Linux 2025-04-12 N/A
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.
CVE-2012-1303 1 Amcharts 1 Flash 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf; the message element in the chart_data parameter to (3) amcolumn.swf, (4) amline.swf, (5) amradar.swf, or (6) amxy.sw; or (7) the settings_file parameter to amstock.swf.
CVE-2016-3054 1 Ibm 1 Filenet Workplace 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
CVE-2016-5262 3 Mozilla, Oracle, Redhat 3 Firefox, Linux, Enterprise Linux 2025-04-12 N/A
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2012-1302 1 Ammap Project 1 Ammap 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.
CVE-2016-4026 1 Open-xchange 1 Open-xchange Appsuite 2025-04-12 N/A
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.
CVE-2016-6451 1 Cisco 1 Prime Collaboration Provisioning 2025-04-12 N/A
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6.
CVE-2016-1498 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.
CVE-2016-6647 1 Emc 1 Vipr Srm 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-8376 1 Getsymphony 1 Symphony 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to blueprints/sections/edit/1.
CVE-2016-0350 1 Ibm 1 Jazz Reporting Service 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313.
CVE-2015-8052 1 Adobe 1 Coldfusion 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.