Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8077 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2025-04-20 N/A
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVE-2016-5207 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.
CVE-2015-5379 1 Axigen 1 Axigen Mail Server 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment.
CVE-2017-8178 1 Huawei 2 Vicky-al00, Vicky-al00 Firmware 2025-04-20 N/A
Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email that triggers execution of the code. An exploit could allow the attacker to execute arbitrary script code on the affected device.
CVE-2017-9551 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account.
CVE-2017-11285 1 Adobe 1 Coldfusion 2025-04-20 6.1 Medium
Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
CVE-2017-14720 1 Wordpress 1 Wordpress 2025-04-20 N/A
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.
CVE-2015-8815 1 Umbraco 1 Umbraco 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
CVE-2017-14718 1 Wordpress 1 Wordpress 2025-04-20 N/A
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
CVE-2017-14622 1 2kblater 1 2kb Amazon Affiliates Store 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.
CVE-2017-7360 1 Lucidcrew 1 Pixie 2025-04-20 N/A
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.
CVE-2017-8298 1 Cnvs 1 Canvas 2025-04-20 N/A
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users.
CVE-2017-8302 1 Blueriver 1 Muracms 2025-04-20 N/A
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm.
CVE-2016-9119 3 Canonical, Debian, Moinmo 3 Ubuntu Linux, Debian Linux, Moinmoin 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4946 1 Cloudera 1 Hue 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
CVE-2009-5145 1 Zope 1 Zope 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
CVE-2017-10970 1 Cacti 1 Cacti 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.
CVE-2017-1380 1 Ibm 1 Websphere Application Server 2025-04-20 N/A
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151.
CVE-2017-2644 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 3.x, XSS can occur via evidence of prior learning.
CVE-2012-4378 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.