Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7439 | 1 Ibm | 4 Rational Software Architect, Rational Software Architect For Websphere Software, Rational Software Architect For Websphere Software\' and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2016-0313 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350.
|
|||||
| CVE-2015-0156 | 1 Ibm | 2 Business Process Manager, Websphere | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2012-6641 | 1 Prestashop | 1 Prestashop | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values."
|
|||||
| CVE-2017-5179 | 1 Tenable | 1 Nessus | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2015-7796 | 1 Cybozu | 1 Office | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
|
|||||
| CVE-2015-0690 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.
|
|||||
| CVE-2016-1294 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094.
|
|||||
| CVE-2015-6844 | 1 Emc | 1 Sourceone Email Supervisor | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-6178 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-9142 | 1 Technicolor | 1 Td5130 Router Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
|
|||||
| CVE-2014-6215 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2015-1636 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
|
|||||
| CVE-2013-2643 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.
|
|||||
| CVE-2015-7772 | 1 Newphoria Corporation | 1 Applican | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers WebView anchor attachment in an applican application, a different vulnerability than CVE-2015-7771.
|
|||||
| CVE-2014-100032 | 1 Airties | 1 Air 6372 | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter.
|
|||||
| CVE-2015-4993 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998.
|
|||||
| CVE-2016-5721 | 1 Zimbra | 1 Zimbra Collaboration Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-4016 | 1 Sap | 1 Java As | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295.
|
|||||
| CVE-2016-2010 | 1 Hp | 1 Network Node Manager I | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.
|
|||||
| CVE-2015-6349 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2014-8724 | 1 Boldgrid | 1 W3 Total Cache | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI.
|
|||||
| CVE-2014-2026 | 1 Unitedplanet | 1 Intrexx | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.
|
|||||
| CVE-2016-2228 | 3 Debian, Fedoraproject, Horde | 4 Debian Linux, Fedora, Groupware and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.
|
|||||
| CVE-2014-8069 | 1 Yootheme | 1 Pagekit | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2) PATH_INFO to index.php.
|
|||||
| CVE-2012-4901 | 1 Template Cms Project | 1 Template Cms | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php.
|
|||||
| CVE-2016-0285 | 1 Ibm | 1 Rational Team Concert | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 b ...
Show More |
|||||
| CVE-2015-4220 | 1 Cisco | 1 Unified Presence Server | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.
|
|||||
| CVE-2014-0825 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a ...
Show More |
|||||
| CVE-2015-7348 | 1 Ztree Project | 1 Ztree | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to demo/en/asyncData/getNodesForBigData.php.
|
|||||
| CVE-2016-0927 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2015-4490 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior.
|
|||||
| CVE-2015-8105 | 2 Opensuse, Roundcube | 2 Opensuse, Webmail | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
|
|||||
| CVE-2014-4605 | 1 Zdstatistics Project | 1 Zdstatistics | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStatistics (zdstats) plugin 2.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
|||||
| CVE-2014-4309 | 1 Openfiler | 1 Openfiler | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML via the (2) MaxInstances, (3) PassivePorts, (4) Port, (5) ServerName, (6) TimeoutLogin, (7) TimeoutNoTransfer, or (8) TimeoutStalled parameter to admin/services_ftp.html; the (9) dns1 or (10) dns2 parameter to admin/system.html; the (11) newTgtName p ...
Show More |
|||||
| CVE-2015-2315 | 1 Wpml | 1 Wpml | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.
|
|||||
| CVE-2015-3275 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.
|
|||||
| CVE-2015-5521 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-12 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php.
|
|||||
| CVE-2015-8603 | 1 S9y | 1 Serendipity | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
|
|||||
| CVE-2016-3969 | 1 Mcafee | 1 Email Gateway | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.
|
|||||