Export limit exceeded: 45785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5513 | 1 Niif | 1 Shibboleth Authentication | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. | ||||
| CVE-2015-5514 | 1 Migrate Project | 1 Migrate | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label. | ||||
| CVE-2015-6808 | 1 Getlevelten | 1 Spotlight | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. | ||||
| CVE-2015-6809 | 1 Bedita | 1 Bedita | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection. | ||||
| CVE-2015-6810 | 1 Invisionpower | 1 Invision Power Board | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. | ||||
| CVE-2015-5519 | 1 Wideimage Project | 1 Wideimage | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php. | ||||
| CVE-2015-5520 | 1 Orchardproject | 1 Orchard | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account. | ||||
| CVE-2015-5528 | 1 Wpbeginner | 1 Floating Social Bar | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php. | ||||
| CVE-2015-5529 | 1 Freereprintables | 1 Articlefr | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/. | ||||
| CVE-2015-5447 | 1 Hp | 1 Storeonce Backup System Software | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-6844 | 1 Emc | 1 Sourceone Email Supervisor | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5612 | 1 Octobercms | 1 October | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image. | ||||
| CVE-2015-5625 | 1 Opendocman | 1 Opendocman | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | ||||
| CVE-2015-5732 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title. | ||||
| CVE-2015-5733 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title. | ||||
| CVE-2015-7398 | 1 Ibm | 1 Emptoris Contract Management | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2015-7706 | 1 Ssp-europe | 1 Secure Data Space | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to api/v3/public/shares/downloads/, the (2) authType parameter to api/v3/auth/login, or the (3) login parameter to api/v3/auth/reset_password. | ||||
| CVE-2015-7708 | 1 4homepages | 1 4images | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php. | ||||
| CVE-2015-7771 | 1 Newphoria Corporation | 1 Applican | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID that is encountered by an applican application, a different vulnerability than CVE-2015-7772. | ||||
| CVE-2015-7775 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197. | ||||