Search Results (45928 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5594 | 1 Zenphoto | 1 Zenphoto | 2025-04-20 | N/A |
| The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) attack via a crafted string. | ||||
| CVE-2015-5532 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-04-20 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php. | ||||
| CVE-2015-5381 | 1 Roundcube | 2 Roundcube Webmail, Webmail | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. | ||||
| CVE-2015-5379 | 1 Axigen | 1 Axigen Mail Server | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment. | ||||
| CVE-2015-4721 | 1 Concretecms | 1 Concrete Cms | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. | ||||
| CVE-2015-4707 | 1 Ipython | 1 Ipython | 2025-04-20 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. | ||||
| CVE-2017-14714 | 1 Telaxius | 1 Epesi | 2025-04-20 | N/A |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | ||||
| CVE-2016-10508 | 1 Phpthumb Project | 1 Phpthumb | 2025-04-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | ||||
| CVE-2017-14713 | 1 Telaxius | 1 Epesi | 2025-04-20 | N/A |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | ||||
| CVE-2017-14712 | 1 Telaxius | 1 Epesi | 2025-04-20 | N/A |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | ||||
| CVE-2015-4687 | 1 Ellucian | 1 Banner Student | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-4667 | 1 Xceedium | 1 Xsuite | 2025-04-20 | N/A |
| Multiple hardcoded credentials in Xsuite 2.x. | ||||
| CVE-2017-7188 | 1 Zurmo | 1 Zurmo Crm | 2025-04-20 | 5.4 Medium |
| Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. | ||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2025-04-20 | N/A |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | ||||
| CVE-2017-7203 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | N/A |
| A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2016-10404 | 1 Liferay | 1 Liferay Portal | 2025-04-20 | N/A |
| XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. | ||||
| CVE-2015-4591 | 1 Eclinicalworks | 1 Population Health | 2025-04-20 | N/A |
| eClinicalWorks Population Health (CCMR) suffers from a cross-site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary JavaScript via the strMessage parameter. | ||||
| CVE-2017-7204 | 1 Imdbphp Project | 1 Imdbphp | 2025-04-20 | N/A |
| A Cross-Site Scripting (XSS) vulnerability was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the "imdbphp-master/demo/search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-7205 | 1 Gamepanelx | 1 Gamepanelx-v3 | 2025-04-20 | N/A |
| A Cross-Site Scripting (XSS) vulnerability was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the "GamePanelX-V3-master/ajax/ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-15570 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | ||||