Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14620 1 Smartertools 1 Smarterstats 2025-04-20 N/A
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
CVE-2015-5060 1 Anchorcms 1 Anchor Cms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.
CVE-2017-14621 1 Suse 1 Portus 2025-04-20 N/A
Portus 2.2.0 has XSS via the Team field, related to typeahead.
CVE-2016-2979 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.
CVE-2016-2992 1 Ibm 1 Biginsights 2025-04-20 N/A
IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2015-7275 1 Dell 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more 2025-04-20 N/A
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.
CVE-2017-3104 2 Adobe, Microsoft 2 Robohelp, Windows 2025-04-20 N/A
Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.
CVE-2016-3018 1 Ibm 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web 2025-04-20 N/A
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-3038 1 Ibm 1 Cognos Business Intelligence 2025-04-20 N/A
IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614.
CVE-2016-3408 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813.
CVE-2016-3412 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.
CVE-2017-3890 1 Blackberry 2 Appliance-x, Workspaces Vapp 2025-04-20 6.1 Medium
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.
CVE-2017-2969 1 Adobe 1 Campaign 2025-04-20 N/A
Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability.
CVE-2015-3615 1 Fortinet 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
CVE-2017-2504 1 Apple 3 Iphone Os, Safari, Tvos 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands.
CVE-2017-14712 1 Telaxius 1 Epesi 2025-04-20 N/A
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
CVE-2017-14921 1 Tine20 1 Tine 2.0 2025-04-20 N/A
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
CVE-2017-14922 1 Tine20 1 Tine 2.0 2025-04-20 N/A
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
CVE-2015-3421 1 Eshop Project 1 Eshop 2025-04-20 N/A
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.
CVE-2017-14923 1 Tine20 1 Tine 2.0 2025-04-20 N/A
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.