Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-5998 1 Intersect Alliance 1 Snare Epilog 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a "Web Admin Portal > Log Configuration > Add" action.
CVE-2017-5942 1 Wp Mail Project 1 Wp Mail 2025-04-20 6.1 Medium
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.
CVE-2017-5945 1 Poodll 1 Moodle-filter Poodll 2025-04-20 N/A
An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-5938 4 Debian, Opensuse, Opensuse Project and 1 more 4 Debian Linux, Leap, Leap and 1 more 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
CVE-2016-8950 1 Ibm 1 Emptoris Sourcing 2025-04-20 N/A
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837.
CVE-2017-5875 1 Dotcms 1 Dotcms 2025-04-20 N/A
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.
CVE-2017-11629 1 Finecms 1 Finecms 2025-04-20 N/A
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
CVE-2017-11727 1 Connectwise 1 Manage 2025-04-20 N/A
services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.
CVE-2017-11744 1 Modx 1 Modx Revolution 2025-04-20 N/A
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.
CVE-2016-7111 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2017-9452 1 Piwigo 1 Piwigo 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2016-7136 1 Plone 1 Plone 2025-04-20 N/A
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
CVE-2017-14717 1 Telaxius 1 Epesi 2025-04-20 N/A
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
CVE-2017-11163 1 Cacti 1 Cacti 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.
CVE-2017-8792 1 Accellion 1 File Transfer Appliance 2025-04-20 N/A
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.
CVE-2016-7140 1 Plone 1 Plone 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-8745 1 Microsoft 1 Sharepoint Foundation 2025-04-20 N/A
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".
CVE-2017-14651 1 Wso2 17 Api Manager, App Manager, Application Server and 14 more 2025-04-20 4.8 Medium
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
CVE-2017-8762 1 Genixcms 1 Genixcms 2025-04-20 N/A
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.
CVE-2017-17043 1 Zitec 1 Emag Marketplace Connector 2025-04-20 N/A
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.