Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-18004 1 Zurmo 1 Zurmo Crm 2025-04-20 N/A
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.
CVE-2017-17988 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2025-04-20 N/A
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.
CVE-2015-8667 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
CVE-2015-8354 1 Ultimatemember 1 Ultimate Member 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
CVE-2017-17949 1 Cells 1 Blog 2025-04-20 N/A
Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.
CVE-2017-17940 1 Single Theater Booking Script Project 1 Single Theater Booking Script 2025-04-20 N/A
PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.
CVE-2015-2144 1 Phpbugtracker Project 1 Phpbugtracker 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php.
CVE-2017-16765 1 Dlink 2 Dwr-933, Dwr-933 Firmware 2025-04-20 6.1 Medium
XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.
CVE-2017-3125 1 Fortinet 1 Fortimail 2025-04-20 N/A
An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.
CVE-2015-4673 1 Clip-bucket 1 Clipbucket 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php.
CVE-2017-8758 1 Microsoft 1 Exchange Server 2025-04-20 6.1 Medium
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."
CVE-2014-4925 2 Good, Google 2 Good For Enterprise, Android 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.
CVE-2014-6189 1 Ibm 8 Security Network Protection 3100, Security Network Protection 3100 Firmware, Security Network Protection 4100 and 5 more 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-7215 1 Misp Project 1 Misp 2025-04-20 N/A
Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML.
CVE-2015-4687 1 Ellucian 1 Banner Student 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6705 1 Jamroom 1 Jamroom 2025-04-20 N/A
Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field.
CVE-2017-1000043 1 Mapbox 1 Mapbox.js 2025-04-20 6.1 Medium
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control
CVE-2017-12794 1 Djangoproject 1 Django 2025-04-20 N/A
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
CVE-2016-8954 1 Ibm 1 Dashdb Local 2025-04-20 N/A
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.
CVE-2016-9148 1 Ca 1 Service Desk Manager 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.