Export limit exceeded: 47135 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47135 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1000133 1 Designsandcode 1 Forget About Shortcode Buttons 2025-04-12 N/A
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
CVE-2016-1000134 1 Hdw-tube Project 1 Hdw-tube 2025-04-12 N/A
Reflected XSS in wordpress plugin hdw-tube v1.2
CVE-2016-1000135 1 Hdw-tube Project 1 Hdw-tube 2025-04-12 N/A
Reflected XSS in wordpress plugin hdw-tube v1.2
CVE-2015-6506 1 Bestpractical 1 Request Tracker 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
CVE-2016-1000137 1 Hero-maps-pro Project 1 Hero-maps-pro 2025-04-12 N/A
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0
CVE-2016-1000138 1 Indexisto Project 1 Indexisto 2025-04-12 N/A
Reflected XSS in wordpress plugin indexisto v1.0.5
CVE-2015-6510 1 Netgate 1 Pfsense 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to interfaces_ppps_edit.php; the (13) member[] parameter to interfaces_qinq_edit.php; the (14) port or (15) retry parameter to load_balancer_pool_edit.php; the (16) pkgrepourl parameter to pkg_mgr_settings.php; the (17) zone parameter to services_captiveportal.php; the port parameter to (18) services_dnsmasq.php or (19) services_unbound.php; the (20) cache_max_ttl or (21) cache_min_ttl parameter to services_unbound_advanced.php; the (22) sshport parameter to system_advanced_admin.php; the (23) id, (24) tunable, (25) descr, or (26) value parameter to system_advanced_sysctl.php; the (27) firmwareurl, (28) repositoryurl, or (29) branch parameter to system_firmware_settings.php; the (30) pfsyncpeerip, (31) synchronizetoip, (32) username, or (33) passwordfld parameter to system_hasync.php; the (34) maxmss parameter to vpn_ipsec_settings.php; the (35) ntp_server1, (36) ntp_server2, (37) wins_server1, or (38) wins_server2 parameter to vpn_openvpn_csc.php; or unspecified parameters to (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php, or (42) load_balancer_relay_protocol_edit.php.
CVE-2016-1000146 1 Pondol-formmail Project 1 Pondol-formmail 2025-04-12 N/A
Reflected XSS in wordpress plugin pondol-formmail v1.1
CVE-2015-6511 1 Netgate 1 Pfsense 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.
CVE-2016-1000150 1 Oxil 1 Simplified-content 2025-04-12 N/A
Reflected XSS in wordpress plugin simplified-content v1.0.0
CVE-2016-2948 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.
CVE-2015-6530 1 Opentext 2 Secure Mft 2013, Secure Mft 2014 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.
CVE-2014-9516 1 Social Microblogging Pro Project 1 Social Microblogging Pro 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.
CVE-2016-2955 1 Ibm 1 Connections 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3821 1 Juniper 1 Junos 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3863 1 J\!extensions Store 1 Jchatsocial 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window.
CVE-2016-4045 1 Open-xchange 1 Open-xchange Appsuite 2025-04-12 N/A
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.
CVE-2014-3870 1 Bib2html Project 1 Bib2html 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php.
CVE-2014-3876 1 Ulli Horlacher 1 Fex 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.
CVE-2014-3884 1 Webmin 1 Usermin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.