Export limit exceeded: 349372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1421 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php. | ||||
| CVE-2016-5663 | 1 Accellion | 1 Kiteworks Appliance | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter. | ||||
| CVE-2014-8380 | 1 Splunk | 1 Splunk | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression. | ||||
| CVE-2014-8381 | 1 Megapolis | 1 Megapolis.portal Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter. | ||||
| CVE-2013-1636 | 3 Caseproof, Civicrm, Joobi | 3 Prettylinks, Civicrm, Com Jnews | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter. | ||||
| CVE-2016-5660 | 1 Accela | 1 Civic Platform | 2025-04-12 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter. | ||||
| CVE-2014-6192 | 1 Ibm | 1 Curam Social Program Management | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2013-4190 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8469 | 1 Moxi9 | 1 Phpfox | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header. | ||||
| CVE-2013-2187 | 1 Apache | 1 Archiva | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page. | ||||
| CVE-2013-2270 | 2 Airvana, Sprint | 3 Hubbub C1-600-rt, Airave, Airave Software | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-2287 | 1 Roberta Bramski | 1 Uploader | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter. | ||||
| CVE-2014-8488 | 2 Fedoraproject, Yourls | 2 Fedora, Yourls | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality. | ||||
| CVE-2015-5529 | 1 Freereprintables | 1 Articlefr | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/. | ||||
| CVE-2015-5528 | 1 Wpbeginner | 1 Floating Social Bar | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php. | ||||
| CVE-2016-4789 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-2289 | 1 Batavi | 1 Batavi | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php. | ||||
| CVE-2016-5395 | 1 Apache | 1 Ranger | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. | ||||
| CVE-2014-8505 | 1 Etiko | 1 Etiko Cms | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php. | ||||
| CVE-2014-8508 | 1 Denon | 1 Avr-3313ci | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname. | ||||