Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8359 1 Moxa 19 Iologik E1200 Series Firmware, Iologik E1210, Iologik E1211 and 16 more 2025-04-20 6.1 Medium
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING).
CVE-2017-9132 1 Mimosa 2 Backhaul Radios, Client Radios 2025-04-20 N/A
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface.
CVE-2014-9514 1 Bmc 1 Footprints Service Core 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.
CVE-2017-14036 1 Crushftp 1 Crushftp 2025-04-20 N/A
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.
CVE-2017-13697 1 Finecms Project 1 Finecms 2025-04-20 N/A
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
CVE-2017-9292 1 Lansweeper 1 Lansweeper 2025-04-20 N/A
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.
CVE-2016-8491 1 Fortinet 1 Fortiwlc 2025-04-20 N/A
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2017-11737 1 Rspamd Project 1 Rspamd 2025-04-20 N/A
interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.
CVE-2017-7871 1 Tdm Project 1 Tdm 2025-04-20 N/A
trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).
CVE-2015-8350 1 Inboundnow 1 Call To Action 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/.
CVE-2017-1485 1 Ibm 1 Cognos Analytics 2025-04-20 N/A
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623.
CVE-2017-12948 1 Pressforward 1 Pressforward 2025-04-20 N/A
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
CVE-2015-8375 1 Php-fusion 1 Php-fusion 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
CVE-2017-10991 1 Wp-statistics 1 Wp Statistics 2025-04-20 N/A
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.
CVE-2017-11677 1 Hashtopus Project 1 Hashtopus 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.
CVE-2017-1168 1 Ibm 1 Rational Engineering Lifecycle Manager 2025-04-20 N/A
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187.
CVE-2017-11685 1 Zohocorp 1 Manageengine Eventlog Analyzer 2025-04-20 N/A
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
CVE-2017-1164 1 Ibm 1 Rational Collaborative Lifecycle Management 2025-04-20 N/A
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.
CVE-2015-8687 1 Alcatel-lucent 1 Motive Home Device Manager 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.
CVE-2015-9230 1 Ait-pro 1 Bulletproof Security 2025-04-20 4.8 Medium
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.