Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17451 1 Wpmailster 1 Wp Mailster 2025-04-20 N/A
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
CVE-2017-6811 1 Mangoswebv4 Project 1 Mangoswebv4 2025-04-20 N/A
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).
CVE-2017-8052 1 Craftcms 1 Craft Cms 2025-04-20 N/A
Craft CMS before 2.6.2974 allows XSS attacks.
CVE-2017-13762 1 Onosproject 1 Onos 2025-04-20 N/A
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
CVE-2017-11289 1 Adobe 1 Connect 2025-04-20 N/A
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
CVE-2015-2690 1 Digium 1 Addons Module 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php.
CVE-2017-12131 1 Goldplugins 1 Easy Testimonials 2025-04-20 N/A
The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens.
CVE-2017-2255 1 Cybozu 1 Garoon 2025-04-20 N/A
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
CVE-2017-17059 1 Amtythumb Project 1 Amtythumb 2025-04-20 N/A
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
CVE-2010-3659 1 Typo3 1 Typo3 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
CVE-2017-8832 1 Allen Disk Project 1 Allen Disk 2025-04-20 N/A
Allen Disk 1.6 has XSS in the id parameter to downfile.php.
CVE-2017-8839 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
CVE-2015-5381 1 Roundcube 2 Roundcube Webmail, Webmail 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
CVE-2017-14422 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.5 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2017-1531 1 Ibm 1 Business Process Manager 2025-04-20 N/A
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.
CVE-2017-2222 1 Butlerblog 1 Wp-members 2025-04-20 N/A
Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-13778 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
CVE-2017-9140 1 Progress 2 Sitefinity Cms, Telerik Reporting 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
CVE-2014-0208 2 Redhat, Theforeman 2 Satellite, Foreman 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
CVE-2017-4976 1 Emc 1 Esrs Policy Manager 2025-04-20 N/A
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server.