Export limit exceeded: 47297 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47297 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3036 | 1 Symantec | 1 Im Manager | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-3070 | 1 Dietrich Ayala | 1 Nusoap | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes. | ||||
| CVE-2010-3056 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. | ||||
| CVE-2013-6858 | 4 Canonical, Openstack, Opensuse and 1 more | 4 Ubuntu Linux, Horizon, Opensuse and 1 more | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page. | ||||
| CVE-2013-3999 | 1 Ibm | 1 Social Media Analytics | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-1971 | 2 Drupal, Jordan De Laune | 2 Drupal, Mp3 Player | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file. | ||||
| CVE-2013-3979 | 2 Ibm, Microsoft | 2 Star Command Center, Internet Explorer | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-1955 | 1 Nashtech | 1 Easy Php Calendar | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4883 | 1 Mcafee | 2 Epolicy Orchestrator, Epolicy Orchestrator Agent | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do. | ||||
| CVE-2013-1942 | 2 Happyworm, Owncloud | 3 Jplayer, Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023. | ||||
| CVE-2013-3964 | 1 Samsung | 2 Shr-5082, Shr-5162 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2013-1871 | 1 Redhat | 2 Network Satellite, Satellite | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | ||||
| CVE-2013-4884 | 1 Mcafee | 1 Superscan | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report. | ||||
| CVE-2013-2023 | 1 Happyworm | 1 Jplayer | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022. | ||||
| CVE-2013-4779 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0668 | 1 Siemens | 1 Wincc Tia Portal | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2013-4007 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-2036 | 2 Drupal, Yoran Brault | 2 Drupal, Filebrowser | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files." | ||||
| CVE-2013-4899 | 1 Twilightcms | 1 Twilight Cms | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page. | ||||
| CVE-2013-1808 | 2 Redhat, Zeroclipboard Project | 2 Openshift, Zeroclipboard | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed. | ||||