Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11744 1 Modx 1 Modx Revolution 2025-04-20 N/A
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.
CVE-2017-11727 1 Connectwise 1 Manage 2025-04-20 N/A
services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.
CVE-2017-7248 1 Gazelle Project 1 Gazelle 2025-04-20 N/A
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2015-5282 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
CVE-2017-2122 1 Tenable 1 Nessus 2025-04-20 N/A
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-11716 1 Metinfo Project 1 Metinfo 2025-04-20 N/A
MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.
CVE-2017-6958 1 Mantisbt 1 Source Integration 2025-04-20 6.1 Medium
An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.
CVE-2017-11687 1 Zohocorp 1 Manageengine Eventlog Analyzer 2025-04-20 N/A
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
CVE-2015-1177 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
CVE-2017-14192 1 Finecms Project 1 Finecms 2025-04-20 N/A
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
CVE-2017-11686 1 Zohocorp 1 Manageengine Eventlog Analyzer 2025-04-20 N/A
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
CVE-2017-11651 1 Nexusphp 1 Nexusphp 2025-04-20 6.1 Medium
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
CVE-2017-11629 1 Finecms 1 Finecms 2025-04-20 N/A
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
CVE-2017-5164 1 Binom3 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware 2025-04-20 N/A
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING).
CVE-2017-6391 1 Kaltura 1 Kaltura Server 2025-04-20 N/A
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-15305 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.
CVE-2016-7111 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2017-14753 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
CVE-2017-1120 1 Ibm 1 Websphere Portal 2025-04-20 N/A
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.
CVE-2017-11198 1 Finecms Project 1 Finecms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter.