Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9979 1 Osnexus 1 Quantastor 2025-04-20 N/A
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.
CVE-2017-7462 1 Intellinet-network 2 Nfc-30ir, Nfc-30ir Firmware 2025-04-20 N/A
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
CVE-2014-3531 2 Redhat, Theforeman 2 Satellite, Foreman 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
CVE-2017-9934 1 Joomla 1 Joomla\! 2025-04-20 N/A
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
CVE-2017-5870 1 Vimbadmin 1 Vimbadmin 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.
CVE-2017-7421 1 Microfocus 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more 2025-04-20 N/A
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.
CVE-2014-6191 1 Ibm 1 Curam Social Program Management 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568.
CVE-2015-7980 1 Compass Rose Project 1 Compass Rose 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."
CVE-2017-2683 1 Siemens 1 Ruggedcom Network Management Software 2025-04-20 N/A
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.
CVE-2016-3410 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.
CVE-2016-8751 1 Apache 1 Ranger 2025-04-20 N/A
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
CVE-2017-17988 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2025-04-20 N/A
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.
CVE-2015-5532 1 Strangerstudios 1 Paid Memberships Pro 2025-04-20 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.
CVE-2017-16760 1 Inedo 1 Buildmaster 2025-04-20 N/A
Inedo BuildMaster before 5.8.2 has XSS.
CVE-2017-12971 1 Apache2triad 1 Apache2triad 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
CVE-2015-8667 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
CVE-2015-2882 1 Philips 1 In.sight B120\\37 2025-04-20 N/A
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
CVE-2017-17868 1 Liferay 1 Liferay Portal 2025-04-20 N/A
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.
CVE-2017-2146 1 Cybozu 1 Garoon 2025-04-20 N/A
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
CVE-2017-14721 1 Wordpress 1 Wordpress 2025-04-20 N/A
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.