Export limit exceeded: 47235 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47235 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4058 | 1 Huawei | 1 Policy Center | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | ||||
| CVE-2016-4170 | 1 Adobe | 1 Experience Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-4159 | 1 Adobe | 1 Coldfusion | 2025-04-12 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-4168 | 1 Adobe | 1 Experience Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-4585 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. | ||||
| CVE-2016-2864 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2016-5099 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. | ||||
| CVE-2016-7033 | 1 Redhat | 2 Jboss Bpm Suite, Jboss Bpms | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-7304 | 1 Drupaljedi | 1 Amocrm | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. | ||||
| CVE-2015-5664 | 1 Qnap | 1 Qts | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-7320 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-5905 | 1 Ibm | 1 Maximo Asset Management | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-6634 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-5981 | 1 Ibm | 2 Filenet Workplace, Filenet Workplace Xt | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-5978 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975. | ||||
| CVE-2015-5654 | 1 Dojotoolkit | 1 Dojo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-6532 | 1 Dexis | 1 Imaging Suite | 2025-04-12 | N/A |
| DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. | ||||
| CVE-2016-6530 | 1 Dentsply Sirona | 1 Cdr Dicom | 2025-04-12 | N/A |
| Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords. | ||||
| CVE-2016-1000153 | 1 Tidio-gallery Project | 1 Tidio-gallery | 2025-04-12 | N/A |
| Reflected XSS in wordpress plugin tidio-gallery v1.1 | ||||
| CVE-2016-1000130 | 1 E-search Project | 1 E-search | 2025-04-12 | N/A |
| Reflected XSS in wordpress plugin e-search v1.0 | ||||