Export limit exceeded: 350768 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44022 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350768 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45929 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45929 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15867 | 1 User-login-history Project | 1 User-login-history | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php. | ||||
| CVE-2017-15812 | 1 Easy-appointments | 1 Easy Appointments | 2025-04-20 | N/A |
| The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel. | ||||
| CVE-2017-15809 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. | ||||
| CVE-2017-15736 | 1 Spip | 1 Spip | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php. | ||||
| CVE-2017-15727 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. | ||||
| CVE-2017-15215 | 1 Shaarli Project | 1 Shaarli | 2025-04-20 | N/A |
| Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users. | ||||
| CVE-2017-15214 | 1 Flyspray | 1 Flyspray | 2025-04-20 | N/A |
| Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | ||||
| CVE-2017-15213 | 1 Flyspray | 1 Flyspray | 2025-04-20 | N/A |
| Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. | ||||
| CVE-2017-1521 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | N/A |
| IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. | ||||
| CVE-2017-15188 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | ||||
| CVE-2017-15039 | 1 Zurmo | 1 Zurmo Crm | 2025-04-20 | N/A |
| Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | ||||
| CVE-2017-15009 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | N/A |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. | ||||
| CVE-2017-15008 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | N/A |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element. | ||||
| CVE-2017-14985 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php. | ||||
| CVE-2017-14984 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php. | ||||
| CVE-2017-14983 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php. | ||||
| CVE-2015-9103 | 1 Synology | 1 Note Station | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. | ||||
| CVE-2015-9105 | 1 Synology | 1 Video Station | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | ||||
| CVE-2017-1498 | 1 Ibm | 1 Connections | 2025-04-20 | N/A |
| IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020. | ||||
| CVE-2017-14973 | 1 Identicard | 1 Two-reader Controller Configuration Manager | 2025-04-20 | N/A |
| IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). | ||||