Export limit exceeded: 47053 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47053 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1498 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL. | ||||
| CVE-2013-1890 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/. | ||||
| CVE-2013-4190 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6037 | 1 Aker | 1 Secure Mail Gateway | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. | ||||
| CVE-2015-3921 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter. | ||||
| CVE-2013-6318 | 1 Ibm | 1 Algo One | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-3974 | 1 Auracms | 1 Auracms | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter. | ||||
| CVE-2015-4084 | 1 Free-counter | 1 Free Counter | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php. | ||||
| CVE-2013-6300 | 1 Ibm | 1 Algo One | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333. | ||||
| CVE-2015-3904 | 1 Roomcloud | 1 Roomcloud | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) end_day, (6) end_month, (7) end_year, (8) lang, (9) adults, or (10) children parameter. | ||||
| CVE-2015-0734 | 1 Cisco | 1 Email Security Appliance Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743. | ||||
| CVE-2015-0724 | 1 Cisco | 1 Headend Digital Broadband Delivery System | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCur25604. | ||||
| CVE-2015-4132 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-4065 | 1 Landing Pages Project | 1 Landing Pages | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php. | ||||
| CVE-2016-5148 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)." | ||||
| CVE-2015-4955 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2015-4135 | 1 Phpwind | 1 Phpwind | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2014-2242 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element. | ||||
| CVE-2014-2231 | 1 I-doit | 1 I-doit | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. | ||||
| CVE-2014-1888 | 2 Buddypress, Wordpress | 2 Buddypress, Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889. | ||||