Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9509 1 Atlassian 2 Crucible, Fisheye 2025-04-20 N/A
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.
CVE-2017-7256 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 N/A
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.
CVE-2017-1169 1 Ibm 1 Rational Collaborative Lifecycle Management 2025-04-20 N/A
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.
CVE-2017-6811 1 Mangoswebv4 Project 1 Mangoswebv4 2025-04-20 N/A
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).
CVE-2017-1546 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2025-04-20 N/A
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915.
CVE-2017-3828 1 Cisco 1 Unified Communications Manager 2025-04-20 N/A
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).
CVE-2017-7203 1 Zoneminder 1 Zoneminder 2025-04-20 N/A
A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-7276 1 Topdesk 1 Topdesk 2025-04-20 N/A
There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019.
CVE-2017-8052 1 Craftcms 1 Craft Cms 2025-04-20 N/A
Craft CMS before 2.6.2974 allows XSS attacks.
CVE-2017-3222 1 Inmarsat 1 Amosconnect 2025-04-20 9.8 Critical
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
CVE-2017-3186 1 Acti 1 Camera Firmware 2025-04-20 N/A
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.
CVE-2016-8491 1 Fortinet 1 Fortiwlc 2025-04-20 N/A
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2016-9259 1 Tenable 1 Nessus 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-8127 1 Huawei 1 Uma 2025-04-20 N/A
The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.
CVE-2016-1179 1 Appleple 1 A-blog Cms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.
CVE-2017-5532 1 Tibco 5 Jasperreports Library, Jasperreports Server, Jaspersoft and 2 more 2025-04-20 N/A
A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.
CVE-2017-14984 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php.
CVE-2017-14981 1 Atutor 1 Atutor 2025-04-20 N/A
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.
CVE-2017-17995 1 Iwcnetwork 1 Biometric Shift Employee Management System 2025-04-20 N/A
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
CVE-2014-4925 2 Good, Google 2 Good For Enterprise, Android 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.