Export limit exceeded: 350762 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45928 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7430 | 1 Mapsplugin | 1 Googlemaps | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter. | ||||
| CVE-2017-2720 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure. | ||||
| CVE-2017-2687 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | N/A |
| Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link. | ||||
| CVE-2014-0141 | 1 Redhat | 1 Satellite | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | ||||
| CVE-2015-7879 | 1 Stickynote Project | 1 Stickynote | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. | ||||
| CVE-2017-6509 | 1 Burgundy-cms Project | 1 Burgundy-cms | 2025-04-20 | N/A |
| Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). | ||||
| CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | N/A |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | ||||
| CVE-2015-5060 | 1 Anchorcms | 1 Anchor Cms | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. | ||||
| CVE-2015-5057 | 1 Broken Link Checker Project | 1 Broken Link Checker | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | ||||
| CVE-2017-2194 | 1 Ipa | 1 Icodechecker | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-4673 | 1 Clip-bucket | 1 Clipbucket | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php. | ||||
| CVE-2015-4072 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message. | ||||
| CVE-2017-17719 | 1 Olyos | 1 Wp-concours | 2025-04-20 | N/A |
| A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php. | ||||
| CVE-2015-3998 | 2 Clickfraud-monitoring, Phpwhois Project | 2 Adsense-click-fraud-monitoring, Phpwhois | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php. | ||||
| CVE-2015-3257 | 1 Zend | 1 Diactoros | 2025-04-20 | N/A |
| Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. | ||||
| CVE-2017-17714 | 1 Boxug | 1 Trape | 2025-04-20 | N/A |
| Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | ||||
| CVE-2017-17698 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-20 | N/A |
| Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | ||||
| CVE-2016-4849 | 1 Geeklog Project | 1 Geeklog | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml. | ||||
| CVE-2015-3162 | 1 Beaker-project | 1 Beaker | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job. | ||||
| CVE-2015-3161 | 1 Beaker-project | 1 Beaker | 2025-04-20 | N/A |
| The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. | ||||