Export limit exceeded: 47033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47033 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2570 1 Php Font Lib Project 1 Php Font Lib 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2015-3989 1 Concrete5 1 Concrete5 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.
CVE-2014-1840 1 Mybb 1 Mybb 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.
CVE-2016-9857 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVE-2016-2559 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
CVE-2016-9856 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVE-2015-7360 1 Fortinet 2 Fortisandbox, Fortisandbox Firmware 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature."
CVE-2016-1000143 1 Photoxhibit Project 1 Photoxhibit 2025-04-12 N/A
Reflected XSS in wordpress plugin photoxhibit v2.1.8
CVE-2014-7293 1 Nyu 1 Opensso Integration 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2016-1000142 1 Parsi-font Project 1 Parsi-font 2025-04-12 N/A
Reflected XSS in wordpress plugin parsi-font v4.2.5
CVE-2016-1000141 1 Page-layout-builder Project 1 Page-layout-builder 2025-04-12 N/A
Reflected XSS in wordpress plugin page-layout-builder v1.9.3
CVE-2016-1000140 1 New-year-firework Project 1 New-year-firework 2025-04-12 N/A
Reflected XSS in wordpress plugin new-year-firework v1.1.9
CVE-2016-1000139 1 Infusionsoft Project 1 Infusionsoft 2025-04-12 N/A
Reflected XSS in wordpress plugin infusionsoft v1.5.11
CVE-2016-1000136 1 Heat-trackr Project 1 Heat-trackr 2025-04-12 N/A
Reflected XSS in wordpress plugin heat-trackr v1.0
CVE-2016-1000131 1 E-search Project 1 Esearch 2025-04-12 N/A
Reflected XSS in wordpress plugin e-search v1.0
CVE-2016-5978 1 Ibm 1 Tealeaf Customer Experience 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.
CVE-2016-5981 1 Ibm 2 Filenet Workplace, Filenet Workplace Xt 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5905 1 Ibm 1 Maximo Asset Management 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1286 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."
CVE-2015-1347 1 Osticket 1 Osticket 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.