Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7987 | 1 Espocrm | 1 Espocrm | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
|
|||||
| CVE-2016-1197 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
|
|||||
| CVE-2014-3797 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-1149 | 1 Cybozu | 1 Office | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.
|
|||||
| CVE-2016-7282 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
|
|||||
| CVE-2014-4645 | 1 Dlink | 1 Dsl-2760u-e1 | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.
|
|||||
| CVE-2015-0103 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields.
|
|||||
| CVE-2016-2040 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
|
|||||
| CVE-2015-3372 | 1 Node Invite Project | 1 Node Invite | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
|
|||||
| CVE-2013-2087 | 1 Galleryproject | 1 Gallery | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to modules/gallery/views/error_admin.html.php.
|
|||||
| CVE-2016-2925 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2015-4132 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-2511 | 2 Debian, Websvn | 2 Debian Linux, Websvn | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.
|
|||||
| CVE-2016-4833 | 1 Nofollow Links Project | 1 Nofollow Links | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2015-0918 | 1 Sefrengo | 1 Sefrengo | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php.
|
|||||
| CVE-2014-10018 | 1 Teracom | 1 T2-b-gawv1.4u10y-bi | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
|
|||||
| CVE-2015-3359 | 1 Room Reservations Project | 1 Room Reservations | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML via the (1) node title of a "Room Reservations Category" or (2) body of a "Room Reservations Room" node.
|
|||||
| CVE-2015-7822 | 1 Kentico | 1 Kentico Cms | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI.
|
|||||
| CVE-2016-4812 | 1 Markdown On Saved Improved Project | 1 Markdown On Saved Improved | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2015-1978 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-2591 | 1 Emailarchitect | 1 Emailarchitect Email Server | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.
|
|||||
| CVE-2016-9200 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. More Information: CSCut43268. Known Affected Releases: 10.5(1) 10.6.
|
|||||
| CVE-2012-5565 | 1 Horde | 2 Groupware, Imp | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.
|
|||||
| CVE-2015-7363 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Firmware, Fortimanager and 1 more | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
|
|||||
| CVE-2014-2067 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."
|
|||||
| CVE-2015-6390 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.
|
|||||
| CVE-2015-1910 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2014-4033 | 1 Efrontlearning | 1 Efront | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
|
|||||
| CVE-2014-6152 | 1 Ibm | 1 Tivoli Integrated Portal | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-8488 | 2 Fedoraproject, Yourls | 2 Fedora, Yourls | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.
|
|||||
| CVE-2014-8622 | 1 Compfight Project | 1 Compfight | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.
|
|||||
| CVE-2014-2908 | 1 Siemens | 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2015-5444 | 1 Hp | 1 Smart Profile Server Data Analytics Layer | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-3367 | 1 Cisco | 1 Cisco Nexus 1000v Intercloud | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524.
|
|||||
| CVE-2016-1000121 | 1 Huge-it | 1 Slider | 2025-04-12 | 3.5 LOW | 4.8 MEDIUM |
|
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
|
|||||
| CVE-2014-8557 | 1 Jexperts | 1 Channel Platform | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an editarUsuario action to usuario.do or (2) titulo.form variable in a novoChamado action to ticket.do.
|
|||||
| CVE-2014-3966 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.
|
|||||
| CVE-2016-7571 | 1 Drupal | 1 Drupal | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
|
|||||
| CVE-2014-9059 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | N/A |
|
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.
|
|||||
| CVE-2015-0513 | 1 Emc | 2 Vipr Srm, Watch4net | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
|
|||||