Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6479 1 Fenix Hosting 1 Fenix-open-source 2025-04-20 N/A
FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).
CVE-2017-6480 1 Groovel Project 1 Cmsgroovel 2025-04-20 N/A
groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter).
CVE-2017-6487 1 Epesi 1 Epesi 2025-04-20 6.1 Medium
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6488 1 Epesi 1 Epesi 2025-04-20 6.1 Medium
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6537 1 Webpagetest Project 1 Webpagetest 2025-04-20 N/A
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6544 1 Wuhu Project 1 Wuhu 2025-04-20 N/A
Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter).
CVE-2017-6559 1 Agora-project 1 Agora-project 2025-04-20 N/A
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.
CVE-2017-6560 1 Agora-project 1 Agora-project 2025-04-20 N/A
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
CVE-2017-6562 1 Agora-project 1 Agora-project 2025-04-20 N/A
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.
CVE-2017-7316 1 Humaxdigital 2 Hg100r, Hg100r Firmware 2025-04-20 N/A
An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page.
CVE-2017-7248 1 Gazelle Project 1 Gazelle 2025-04-20 N/A
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-7257 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 N/A
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
CVE-2017-7271 1 Yii Software 1 Yii 2025-04-20 N/A
Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.
CVE-2017-7362 1 Lucidcrew 1 Pixie 2025-04-20 N/A
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack.
CVE-2017-7386 1 Symetrie Project 1 Symetrie 2025-04-20 N/A
citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter).
CVE-2017-7387 1 Helpmewatchwho Project 1 Helpmewatchwho 2025-04-20 N/A
TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter).
CVE-2017-7666 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
CVE-2016-8754 1 Huawei 2 Oceanstor 5600 V3, Oceanstor 5600 V3 Firmware 2025-04-20 N/A
Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH.
CVE-2017-12647 1 Liferay 1 Liferay Portal 2025-04-20 N/A
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
CVE-2017-14036 1 Crushftp 1 Crushftp 2025-04-20 N/A
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.