Export limit exceeded: 47296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47296 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3390 1 Ibm 2 Informix, Openadmin Tool 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action.
CVE-2014-0673 1 Cisco 1 Video Surveillance Indoor Fixed Dome Ip Hd Camera 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.
CVE-2014-0670 1 Cisco 1 Mediasense 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.
CVE-2014-0668 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.
CVE-2012-2331 1 S9y 1 Serendipity 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
CVE-2014-0663 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.
CVE-2012-4251 1 Mysqldumper 1 Mysqldumper 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
CVE-2012-4259 1 C4b 1 Xphone Unified Communications 2011 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.
CVE-2010-2856 1 Oscss 1 Oscss 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2010-2854 1 Jared Meeker 1 Event Horizon 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information.
CVE-2012-5305 1 Directadmin 1 Directadmin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
CVE-2013-1937 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable.
CVE-2010-2849 1 Nusoftware 1 Nubuilder 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.
CVE-2013-0538 1 Ibm 1 Lotus Notes 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.
CVE-2013-1463 1 Wp-table Reloaded Project 1 Wp-table Reloaded 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
CVE-2013-1470 1 Geeklog 1 Geeklog 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendar_type parameter to submit.php.
CVE-2013-1471 1 Fortinet 6 Fortimail, Fortimail-2000b, Fortimail-200d and 3 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
CVE-2012-2759 2 Netweblogic, Wordpress 2 Login With Ajax, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
CVE-2013-0535 1 Ibm 2 Classic Meeting Server, Lotus Sametime 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2723 2 Blaine Lang, Drupal 2 Maestro, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors.