Export limit exceeded: 47124 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47124 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1222 1 Kobe-beauty 1 Php-contact-form 2025-04-12 6.1 Medium
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
CVE-2016-1226 1 Trendmicro 1 Internet Security 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1230 1 Ntt 1 Webarena Service Formmail 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-0280 1 Ibm 3 Information Server Framework, Infosphere Information Governance Catalog, Infosphere Information Server Business Glossary 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-0283 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-5447 1 Hp 1 Storeonce Backup System Software 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5456 1 Pivotx 1 Pivotx 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.
CVE-2015-5475 1 Bestpractical 1 Request Tracker 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
CVE-2015-5481 1 Dev4press 1 Gd Bbpress Attachments 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
CVE-2015-5485 1 Theeventscalendar 1 Eventbrite Tickets 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php.
CVE-2015-5487 1 Techsmith 1 Camtasia Relay 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab.
CVE-2016-0955 4 Adobe, Apple, Linux and 1 more 4 Experience Manager, Mac Os X, Linux Kernel and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.
CVE-2015-5625 1 Opendocman 1 Opendocman 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
CVE-2015-5654 1 Dojotoolkit 1 Dojo 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5664 1 Qnap 1 Qts 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5875 1 Apple 1 Mac Os X 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
CVE-2016-2883 1 Ibm 1 Tririga Application Platform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387.
CVE-2016-1564 1 Wordpress 1 Wordpress 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.
CVE-2016-1565 1 Field Group Project 1 Field Group 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute.
CVE-2016-1592 1 Netiq 1 Identity Manager 2025-04-12 N/A
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.