Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4333 1 Scilico 1 Labwiki 2025-04-20 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.
CVE-2017-7298 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element.
CVE-2017-15009 1 Paessler 1 Prtg Network Monitor 2025-04-20 N/A
PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.
CVE-2017-11289 1 Adobe 1 Connect 2025-04-20 N/A
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
CVE-2017-17744 1 Webdesi9 1 Custom Map 2025-04-20 N/A
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.
CVE-2017-17745 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.
CVE-2017-17778 1 Paid To Read Script Project 1 Paid To Read Script 2025-04-20 N/A
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.
CVE-2017-13762 1 Onosproject 1 Onos 2025-04-20 N/A
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
CVE-2017-16906 1 Horde 1 Groupware 2025-04-20 N/A
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
CVE-2017-3186 1 Acti 1 Camera Firmware 2025-04-20 N/A
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.
CVE-2017-3222 1 Inmarsat 1 Amosconnect 2025-04-20 9.8 Critical
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
CVE-2017-5003 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2025-04-20 6.1 Medium
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
CVE-2017-5532 1 Tibco 5 Jasperreports Library, Jasperreports Server, Jaspersoft and 2 more 2025-04-20 N/A
A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.
CVE-2017-9932 1 Greenpacket 2 Dx-350, Dx-350 Firmware 2025-04-20 N/A
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.
CVE-2017-1000146 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
CVE-2017-8052 1 Craftcms 1 Craft Cms 2025-04-20 N/A
Craft CMS before 2.6.2974 allows XSS attacks.
CVE-2017-6811 1 Mangoswebv4 Project 1 Mangoswebv4 2025-04-20 N/A
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).
CVE-2017-5191 1 Netiq 1 Access Manager 2025-04-20 N/A
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
CVE-2017-9934 1 Joomla 1 Joomla\! 2025-04-20 N/A
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
CVE-2017-1000132 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.