Search Results (45929 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16876 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | ||||
| CVE-2017-2147 | 1 Wp-statistics | 1 Wp Statistics | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-1001001 | 1 Pluxml | 1 Pluxml | 2025-04-20 | N/A |
| PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. | ||||
| CVE-2017-17093 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | N/A |
| wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | ||||
| CVE-2017-17092 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | N/A |
| wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | ||||
| CVE-2017-2127 | 1 Yop-poll | 1 Yop Poll | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-6749 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2025-04-20 | N/A |
| A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204. | ||||
| CVE-2017-17778 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2025-04-20 | N/A |
| Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter. | ||||
| CVE-2017-16950 | 1 Urbackup | 1 Urbackup Server | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2017-17792 | 1 Blogotext Project | 1 Blogotext | 2025-04-20 | N/A |
| Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. | ||||
| CVE-2017-16567 | 1 Logitech | 1 Media Server | 2025-04-20 | 5.4 Medium |
| Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality. Exploitation of this vulnerability can lead to Session Hijacking and Credential Theft, Execution of unauthorized actions on behalf of users, and Exfiltration of sensitive data. This vulnerability presents a potential risk for widespread exploitation in connected IoT environments. | ||||
| CVE-2015-9056 | 1 Elastic | 1 Kibana | 2025-04-20 | N/A |
| Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | ||||
| CVE-2016-9421 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-10837 | 1 Backup-guard | 1 Backup Guard | 2025-04-20 | 6.1 Medium |
| Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-9260 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | ||||
| CVE-2017-12347 | 1 Cisco | 1 Data Center Network Manager | 2025-04-20 | N/A |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | ||||
| CVE-2017-17994 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | N/A |
| Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | ||||
| CVE-2015-2881 | 1 Gynoii | 3 Gcw-1010, Gcw-1020, Gpw-1025 | 2025-04-20 | N/A |
| Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | ||||
| CVE-2016-5078 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | N/A |
| Paessler PRTG before 16.2.24.4045 has XSS via SNMP. | ||||
| CVE-2017-14498 | 1 Silverstripe | 1 Silverstripe | 2025-04-20 | N/A |
| SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | ||||