Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-16956 1 Symphony Project 1 Symphony 2025-04-20 N/A
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.
CVE-2015-8936 1 Squidguard 1 Squidguard 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link.
CVE-2017-16856 1 Atlassian 1 Confluence 2025-04-20 N/A
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.
CVE-2016-9909 1 Html5lib 1 Html5lib 2025-04-20 N/A
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
CVE-2017-2146 1 Cybozu 1 Garoon 2025-04-20 N/A
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
CVE-2017-18004 1 Zurmo 1 Zurmo Crm 2025-04-20 N/A
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.
CVE-2017-2683 1 Siemens 1 Ruggedcom Network Management Software 2025-04-20 N/A
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.
CVE-2012-5636 1 Apache 1 Wicket 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.
CVE-2016-7509 1 Glpi-project 1 Glpi 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.
CVE-2017-1348 1 Ibm 1 Sterling B2b Integrator 2025-04-20 N/A
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524.
CVE-2014-0141 1 Redhat 1 Satellite 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
CVE-2013-7451 1 Nodejs 1 Node.js 2025-04-20 N/A
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
CVE-2013-7452 1 Nodejs 1 Node.js 2025-04-20 N/A
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
CVE-2017-12156 1 Moodle 1 Moodle 2025-04-20 N/A
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
CVE-2017-17909 1 Responsive Realestate Script Project 1 Responsive Realestate Script 2025-04-20 N/A
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
CVE-2017-2114 1 Cybozu 1 Office 2025-04-20 N/A
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-12416 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.
CVE-2017-17953 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
CVE-2015-7711 1 Atutor 1 Atutor 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.
CVE-2017-12460 1 Barco 4 Clickshare Csc-1, Clickshare Csc-1 Firmware, Clickshare Csm-1 and 1 more 2025-04-20 N/A
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.