Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9767 1 Quali 1 Cloudshell 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.
CVE-2017-9931 1 Greenpacket 2 Dx-350, Dx-350 Firmware 2025-04-20 N/A
Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.
CVE-2017-9452 1 Piwigo 1 Piwigo 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2017-9366 1 Epesi 1 Epesi 2025-04-20 N/A
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.
CVE-2017-9356 1 Sitecore 1 Sitecore.net 2025-04-20 N/A
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
CVE-2017-9337 1 Markdown On Save Improved Project 1 Markdown On Save Improved 2025-04-20 N/A
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.
CVE-2017-9336 1 Wp Editor.md Project 1 Wp Editor.md 2025-04-20 N/A
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.
CVE-2017-9306 1 Syspass 1 Syspass 2025-04-20 N/A
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
CVE-2017-9252 1 Finecms Project 1 Finecms 2025-04-20 N/A
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
CVE-2015-3421 1 Eshop Project 1 Eshop 2025-04-20 N/A
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.
CVE-2017-8896 1 Owncloud 1 Owncloud 2025-04-20 N/A
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
CVE-2017-8792 1 Accellion 1 File Transfer Appliance 2025-04-20 N/A
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.
CVE-2017-8745 1 Microsoft 1 Sharepoint Foundation 2025-04-20 N/A
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".
CVE-2017-8762 1 Genixcms 1 Genixcms 2025-04-20 N/A
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.
CVE-2015-5060 1 Anchorcms 1 Anchor Cms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.
CVE-2015-5169 1 Apache 1 Struts 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
CVE-2015-5181 1 Redhat 3 Jboss A-mq, Jboss Amq, Jboss Fuse 2025-04-20 N/A
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
CVE-2015-6027 1 Castlerock 1 Snmpc 2025-04-20 6.1 Medium
Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.
CVE-2017-7891 1 Sourcebans-pp Project 1 Sourcebans-pp 2025-04-20 N/A
sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter.
CVE-2017-7666 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.