Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2216 1 W3eden 1 Download Manager 2025-04-20 N/A
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-2336 1 Juniper 1 Screenos 2025-04-20 N/A
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
CVE-2017-1502 1 Ibm 1 Content Navigator 2025-04-20 N/A
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577.
CVE-2017-2224 1 Web-dorado 1 Event Calendar Wd 2025-04-20 N/A
Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3998 2 Clickfraud-monitoring, Phpwhois Project 2 Adsense-click-fraud-monitoring, Phpwhois 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php.
CVE-2017-3103 1 Adobe 1 Connect 2025-04-20 N/A
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.
CVE-2017-2284 1 Code-atlantic 1 Popup Maker 2025-04-20 N/A
Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-7388 1 Wallaceit 1 Wallacepos 2025-04-20 6.1 Medium
A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-16781 1 Mybb 1 Mybb 2025-04-20 N/A
The installer in MyBB before 1.8.13 has XSS.
CVE-2017-16784 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 N/A
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
CVE-2017-16785 1 Cacti 1 Cacti 2025-04-20 N/A
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
CVE-2017-6391 1 Kaltura 1 Kaltura Server 2025-04-20 N/A
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-14070 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
CVE-2014-9557 1 Smartwebsites 1 Smartcms 2025-04-20 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2.
CVE-2017-16810 1 Octopus 1 Octopus Deploy 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.
CVE-2017-14192 1 Finecms Project 1 Finecms 2025-04-20 N/A
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
CVE-2015-2887 1 Ibaby 2 M3s Baby Monitor, M3s Baby Monitor Firmware 2025-04-20 N/A
iBaby M3S has a password of admin for the backdoor admin account.
CVE-2015-2883 1 Philips 1 In.sight B120\\37 2025-04-20 N/A
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.
CVE-2015-2867 1 Trane 1 Comfortlink Ii Firmware 2025-04-20 N/A
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
CVE-2016-3113 1 Redhat 1 Ovirt-engine 2025-04-20 6.1 Medium
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.