Export limit exceeded: 47149 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47149 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6436 | 1 Cisco | 1 Hostscan Engine | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682. | ||||
| CVE-2014-8911 | 1 Ibm | 1 Content Navigator | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. | ||||
| CVE-2014-100016 | 1 Photocati Media | 1 Photocrati | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter. | ||||
| CVE-2014-5360 | 1 Landesk | 1 Landesk Management Suite | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx. | ||||
| CVE-2014-100017 | 1 Phponlinechat | 1 Phponlinechat | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field. | ||||
| CVE-2014-100021 | 1 Orangehrm | 1 Orangehrm | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter. | ||||
| CVE-2014-100026 | 1 April\'s Super Functions Pack Project | 1 April\'s Super Functions Pack | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in readme.php in the April's Super Functions Pack plugin before 1.4.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2015-5009 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2014-9738 | 1 Tournament Project | 1 Tournament | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title. | ||||
| CVE-2014-2153 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. | ||||
| CVE-2012-5502 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-9739 | 1 Node Field Project | 1 Node Field | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields. | ||||
| CVE-2014-9740 | 1 Rules Link Project | 1 Rules Link | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link. | ||||
| CVE-2015-2217 | 1 Myupb | 1 Ultimate Php Board | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php. | ||||
| CVE-2015-5992 | 1 Philippine Long Distance Telephone | 4 Kasda Kw58293, Kasda Kw58293 Firmware, Speedsurf 504an and 1 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter. | ||||
| CVE-2015-2747 | 1 Websense | 2 Triton, V-series Appliances | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy. | ||||
| CVE-2012-5650 | 1 Apache | 1 Couchdb | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite. | ||||
| CVE-2015-2760 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-2764 | 1 Websense | 1 Triton Ap Data | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog. | ||||
| CVE-2014-2235 | 1 Askbot | 1 Askbot | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form. | ||||