Export limit exceeded: 47135 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47135 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3365 | 1 Nodeauthor Project | 1 Nodeauthor | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block. | ||||
| CVE-2014-8028 | 1 Cisco | 1 Secure Access Control System | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. | ||||
| CVE-2014-8030 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. | ||||
| CVE-2016-4168 | 1 Adobe | 1 Experience Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-9891 | 1 Dotclear | 1 Dotclear | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title). | ||||
| CVE-2016-4159 | 1 Adobe | 1 Coldfusion | 2025-04-12 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8075 | 1 Drupal | 1 Tribune | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. | ||||
| CVE-2014-8078 | 1 Drupal | 1 Print | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes. | ||||
| CVE-2014-8079 | 1 Drupal | 1 Mayo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting. | ||||
| CVE-2014-8317 | 1 Webform Validation Project | 1 Webform Validation | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text. | ||||
| CVE-2014-8318 | 1 Webform Project | 1 Webform | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields have the same form_key. | ||||
| CVE-2016-4170 | 1 Adobe | 1 Experience Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8319 | 1 Easy Social Project | 1 Easy Social | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title. | ||||
| CVE-2014-8320 | 1 Custom Search Project | 1 Custom Search | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" field to the results configuration page. | ||||
| CVE-2016-9998 | 1 Spip | 1 Spip | 2025-04-12 | N/A |
| SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. | ||||
| CVE-2016-4058 | 1 Huawei | 1 Policy Center | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | ||||
| CVE-2016-4016 | 1 Sap | 1 Java As | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295. | ||||
| CVE-2014-9743 | 1 Videolan | 1 Vlc Media Player | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info. | ||||
| CVE-2015-7679 | 1 Ipswitch | 1 Moveit Mobile | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. | ||||
| CVE-2015-7676 | 1 Ipswitch | 1 Moveit Dmz | 2025-04-12 | N/A |
| Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. | ||||