Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-10676 2 D-link, Dlink 2 Dir-600m Firmware, Dir-600m 2025-04-20 N/A
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
CVE-2017-11351 1 Axesstel 2 Mu553s, Mu553s Firmware 2025-04-20 N/A
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.
CVE-2016-5075 1 Cloudviewnms 1 Cloudview Nms 2025-04-20 N/A
CloudView NMS before 2.10a has XSS via a TELNET login.
CVE-2016-5077 1 Netikus 1 Eventsentry 2025-04-20 N/A
Netikus EventSentry before 3.2.1.44 has XSS via SNMP.
CVE-2017-1000149 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())
CVE-2017-1000088 1 Jenkins 1 Sidebar Link 2025-04-20 N/A
The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.
CVE-2016-5078 1 Paessler 1 Prtg Network Monitor 2025-04-20 N/A
Paessler PRTG before 16.2.24.4045 has XSS via SNMP.
CVE-2017-1000054 1 Rocketchat 1 Rocket.chat 2025-04-20 N/A
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
CVE-2016-5205 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2017-1000033 1 Vospari Forms Project 1 Vospari Forms 2025-04-20 N/A
Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user.
CVE-2017-1000032 1 Cacti 1 Cacti 2025-04-20 N/A
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
CVE-2017-1000023 1 Logicaldoc 1 Logicaldoc 2025-04-20 N/A
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document.
CVE-2017-1000012 1 Mysqldumper 1 Mysqldumper 2025-04-20 N/A
MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user
CVE-2017-1000015 1 Phpmyadmin 1 Phpmyadmin 2025-04-20 N/A
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters
CVE-2017-1000006 1 Plotly 1 Plotly.js 2025-04-20 N/A
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.
CVE-2016-5884 1 Ibm 2 Domino, Inotes 2025-04-20 N/A
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-14715 1 Telaxius 1 Epesi 2025-04-20 N/A
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.
CVE-2016-5899 1 Ibm 1 Jazz Reporting Service 2025-04-20 N/A
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5932 1 Ibm 1 Connections 2025-04-20 N/A
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294.
CVE-2016-5940 1 Ibm 1 Kenexa Lms 2025-04-20 N/A
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.