Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7887 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
CVE-2017-7736 1 Fortinet 1 Fortiweb 2025-04-20 N/A
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.
CVE-2017-1000213 1 Wbce 1 Wbce Cms 2025-04-20 N/A
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search
CVE-2017-8899 1 Invisioncommunity 1 Invision Power Board 2025-04-20 N/A
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.
CVE-2017-8898 1 Invisioncommunity 1 Invision Power Board 2025-04-20 N/A
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option.
CVE-2017-8876 1 Getsymphony 1 Symphony 2025-04-20 6.1 Medium
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
CVE-2017-8760 1 Accellion 1 File Transfer Appliance 2025-04-20 N/A
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
CVE-2016-4855 1 Adodb Project 1 Adodb 2025-04-20 N/A
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-5584 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-2127 1 Yop-poll 1 Yop Poll 2025-04-20 N/A
Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-8622 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."
CVE-2017-8550 1 Microsoft 1 Office 2025-04-20 N/A
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
CVE-2017-15312 1 Huawei 1 Smartcare 2025-04-20 N/A
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device.
CVE-2015-8349 1 Gameconnect 1 Sourcebans 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
CVE-2016-4068 2 Opensuse, Roundcube 4 Leap, Opensuse, Roundcube Webmail and 1 more 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
CVE-2015-7668 1 Easy2map 1 Easy2map 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter.
CVE-2017-11612 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVE-2017-17431 1 Genixcms 1 Genixcms 2025-04-20 N/A
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.
CVE-2017-14724 1 Wordpress 1 Wordpress 2025-04-20 N/A
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
CVE-2017-17569 1 Scubez 1 Posty Readymade Classifieds 2025-04-20 N/A
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.