Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7509 1 Glpi-project 1 Glpi 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.
CVE-2017-15811 1 Pootlepress 1 Pootle Button 2025-04-20 N/A
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.
CVE-2017-12348 1 Cisco 1 Unified Computing System Central Software 2025-04-20 N/A
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.
CVE-2017-16782 1 Home-assistant 1 Home-assistant 2025-04-20 N/A
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
CVE-2017-17569 1 Scubez 1 Posty Readymade Classifieds 2025-04-20 N/A
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.
CVE-2017-1325 1 Ibm 1 Inotes 2025-04-20 N/A
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.
CVE-2017-11107 2 Debian, Phpldapadmin Project 2 Debian Linux, Phpldapadmin 2025-04-20 6.1 Medium
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
CVE-2017-1354 1 Ibm 1 Atlas Ediscovery Process Management 2025-04-20 N/A
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681.
CVE-2017-17896 1 Basic Job Site Script Project 1 Basic Job Site Script 2025-04-20 N/A
Readymade Job Site Script has XSS via the keyword parameter to the /job URI.
CVE-2017-17953 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
CVE-2017-12366 1 Cisco 1 Webex Meeting Center 2025-04-20 N/A
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440.
CVE-2017-12156 1 Moodle 1 Moodle 2025-04-20 N/A
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
CVE-2017-1276 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2025-04-20 N/A
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751.
CVE-2017-11612 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVE-2013-7430 1 Mapsplugin 1 Googlemaps 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter.
CVE-2017-17828 1 Doditsolutions 1 Busbooking-script 2025-04-20 4.8 Medium
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.
CVE-2016-6800 1 Apache 1 Ofbiz 2025-04-20 N/A
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.
CVE-2017-16880 1 Whoops Project 1 Whoops 2025-04-20 N/A
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.
CVE-2016-3409 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.
CVE-2017-8801 1 Trendmicro 1 Officescan 2025-04-20 N/A
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.