Export limit exceeded: 363089 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47116 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47116 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5953 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.
CVE-2015-6010 1 Refbase 1 Refbase 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php.
CVE-2015-6039 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability."
CVE-2015-6099 1 Microsoft 1 .net Framework 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."
CVE-2015-6176 1 Microsoft 1 Edge 2025-04-12 N/A
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."
CVE-2015-6255 1 Cisco 1 Unified Web And E-mail Interaction Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051.
CVE-2015-6337 1 Cisco 1 Application Policy Infrastructure Controller Enterprise Module 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.
CVE-2015-6363 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396.
CVE-2015-6416 1 Cisco 1 Unified Web And E-mail Interaction Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.
CVE-2015-6434 1 Cisco 1 Prime Infrastructure 2025-04-12 N/A
Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856.
CVE-2015-6466 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.
CVE-2015-6494 1 Infinite Automation Systems 1 Mango Automation 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6514 1 Splunk 1 Splunk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6518 1 Phpliteadmin 1 Phpliteadmin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php.
CVE-2015-6528 1 Coppermine-gallery 1 Coppermine Photo Gallery 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
CVE-2015-6529 1 Phpipam 1 Phpipam 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
CVE-2015-7467 1 Ibm 1 Jazz Reporting Service 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-6549 1 Symantec 1 Netbackup Opscenter 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7457 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-6751 1 Time Tracker Project 1 Time Tracker 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries.