Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10125 1 Dlink 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more 2025-04-20 N/A
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.
CVE-2017-17948 1 Cells 1 Blog 2025-04-20 N/A
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.
CVE-2015-3432 1 Pydio 1 Pydio 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities."
CVE-2017-18006 1 Extensis 1 Portfolio Netpublish 2025-04-20 N/A
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.
CVE-2017-6489 1 Epesi 1 Epesi 2025-04-20 6.1 Medium
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-17994 1 Iwcnetwork 1 Biometric Shift Employee Management System 2025-04-20 N/A
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.
CVE-2017-9459 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-17904 1 Fortunescripts 1 Lynda Clone 2025-04-20 N/A
FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.
CVE-2017-17753 1 Csv-import-export Project 1 Csv-import-export 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php.
CVE-2015-8310 1 Fomori 1 Cherrymusic 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.
CVE-2017-17869 1 Mgl-instagram-gallery Project 1 Mgl-instagram-gallery 2025-04-20 N/A
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
CVE-2017-12413 1 Axis 2 2100 Network Camera, 2100 Network Camera Firmware 2025-04-20 N/A
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.
CVE-2015-4072 1 Helpdesk Pro Project 1 Helpdesk Pro 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
CVE-2017-12680 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
CVE-2016-3032 1 Ibm 1 Cognos Analytics 2025-04-20 N/A
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516.
CVE-2010-3659 1 Typo3 1 Typo3 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
CVE-2017-17933 1 Netwin 1 Surgeftp 2025-04-20 6.1 Medium
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.
CVE-2017-17937 1 Vanguard Project 1 Marketplace Digital Products Php 2025-04-20 N/A
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
CVE-2017-1335 1 Ibm 1 Rational Engineering Lifecycle Manager 2025-04-20 N/A
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243.
CVE-2013-7451 1 Nodejs 1 Node.js 2025-04-20 N/A
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.