Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-16856 1 Atlassian 1 Confluence 2025-04-20 N/A
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.
CVE-2017-11612 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVE-2015-9105 1 Synology 1 Video Station 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
CVE-2017-12366 1 Cisco 1 Webex Meeting Center 2025-04-20 N/A
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440.
CVE-2017-17909 1 Responsive Realestate Script Project 1 Responsive Realestate Script 2025-04-20 N/A
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
CVE-2017-15219 1 Dotcms 1 Dotcms 2025-04-20 N/A
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.
CVE-2015-7565 1 Emberjs 1 Ember.js 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.
CVE-2017-6817 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
CVE-2017-14093 1 Trendmicro 1 Scanmail 2025-04-20 N/A
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
CVE-2015-7562 1 Teampass 1 Teampass 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
CVE-2017-17986 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2025-04-20 N/A
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.
CVE-2017-17988 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2025-04-20 N/A
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.
CVE-2016-10305 1 Gotrango 22 Apex, Apex Firmware, Apex Lynx and 19 more 2025-04-20 9.8 Critical
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
CVE-2017-15214 1 Flyspray 1 Flyspray 2025-04-20 N/A
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
CVE-2015-9102 1 Synology 1 Photo Station 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.
CVE-2017-16956 1 Symphony Project 1 Symphony 2025-04-20 N/A
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.
CVE-2016-3409 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.
CVE-2016-3032 1 Ibm 1 Cognos Analytics 2025-04-20 N/A
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516.
CVE-2015-9103 1 Synology 1 Note Station 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.
CVE-2017-11355 1 Pega 1 Pega Platform 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.