Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9781 1 Check Mk Project 1 Check Mk 2025-04-20 N/A
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.
CVE-2017-9366 1 Epesi 1 Epesi 2025-04-20 N/A
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.
CVE-2017-9356 1 Sitecore 1 Sitecore.net 2025-04-20 N/A
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
CVE-2017-9813 1 Kaspersky 1 Anti-virus For Linux Server 2025-04-20 N/A
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
CVE-2017-9337 1 Markdown On Save Improved Project 1 Markdown On Save Improved 2025-04-20 N/A
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.
CVE-2017-9336 1 Wp Editor.md Project 1 Wp Editor.md 2025-04-20 N/A
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.
CVE-2017-9306 1 Syspass 1 Syspass 2025-04-20 N/A
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
CVE-2017-12971 1 Apache2triad 1 Apache2triad 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
CVE-2017-9252 1 Finecms Project 1 Finecms 2025-04-20 N/A
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
CVE-2017-9243 1 Aries Networks 2 Qwr-1104 Wireless-n Router, Qwr-1104 Wireless-n Router Firmware 2025-04-20 N/A
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.
CVE-2017-9244 1 Trello 1 Trello 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card.
CVE-2017-15947 1 Aspsource 1 Simple Asc Content Management System 2025-04-20 5.4 Medium
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp.
CVE-2015-2885 1 Lens Laboratories 2 Peek-a-view, Peek-a-view Firmware 2025-04-20 N/A
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.
CVE-2015-2882 1 Philips 1 In.sight B120\\37 2025-04-20 N/A
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
CVE-2016-3410 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.
CVE-2012-4377 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.
CVE-2015-2881 1 Gynoii 3 Gcw-1010, Gcw-1020, Gpw-1025 2025-04-20 N/A
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.
CVE-2012-4569 1 Letodms Project 1 Letodms 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-7666 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
CVE-2017-7583 1 Ilias 1 Ilias 2025-04-20 N/A
ILIAS before 5.2.3 has XSS via SVG documents.