Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4707 1 Ipython 1 Ipython 2025-04-20 6.1 Medium
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
CVE-2017-9956 1 Schneider-electric 1 U.motion Builder 2025-04-20 N/A
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass
CVE-2017-6906 1 Siberiancms 1 Siberiancms 2025-04-20 N/A
An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "SiberianCMS-master/errors/500.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-1000011 1 Mywebsql 1 Mywebsql 2025-04-20 N/A
MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information
CVE-2017-9451 1 Flatcore 1 Flatcore 2025-04-20 N/A
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
CVE-2017-0893 1 Nextcloud 1 Nextcloud Server 2025-04-20 N/A
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.
CVE-2017-5247 1 Biscom 1 Secure File Transfer 2025-04-20 N/A
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name. All versions of SFT prior to 5.1.1028 are affected. The fix version is 5.1.1028.
CVE-2017-1000078 1 Onosproject 1 Onos 2025-04-20 6.1 Medium
Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration
CVE-2017-9547 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
CVE-2017-10667 1 Zen-cart 1 Zen Cart 2025-04-20 N/A
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.
CVE-2017-16802 1 Misp-project 1 Misp 2025-04-20 N/A
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
CVE-2017-9548 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change).
CVE-2017-9556 1 Synology 1 Video Station 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2017-9655 1 Osisoft 3 Pi Integrator For Business Analystics, Pi Integrator For Microsoft Azure, Pi Integrator For Sap Hana 2025-04-20 N/A
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site.
CVE-2017-16843 1 Vonage 2 Vdv-23, Vdv-23 Firmware 2025-04-20 N/A
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
CVE-2017-7621 1 Auromeera 1 Emli 2025-04-20 N/A
Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.
CVE-2017-13724 1 Axesstel 2 Mu553s, Mu553s Firmware 2025-04-20 N/A
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page.
CVE-2015-8477 1 Redmine 1 Redmine 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.
CVE-2017-8760 1 Accellion 1 File Transfer Appliance 2025-04-20 N/A
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
CVE-2016-4946 1 Cloudera 1 Hue 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.