Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8748 1 Apache 1 Nifi 2025-04-20 N/A
In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.
CVE-2016-9723 1 Ibm 2 Qradar Incident Forensics, Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
CVE-2015-5181 1 Redhat 3 Jboss A-mq, Jboss Amq, Jboss Fuse 2025-04-20 N/A
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
CVE-2017-8838 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
CVE-2017-2169 1 Maxbuttons Project 1 Maxbuttons 2025-04-20 N/A
Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2867 1 Trane 1 Comfortlink Ii Firmware 2025-04-20 N/A
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
CVE-2017-6734 1 Cisco 1 Identity Services Engine 2025-04-20 N/A
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800).
CVE-2017-14753 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
CVE-2017-14751 1 Intensewp 1 Wp Jobs 2025-04-20 N/A
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
CVE-2017-6973 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.
CVE-2016-4056 1 Typo3 1 Typo3 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.
CVE-2016-8924 1 Ibm 1 Maximo Asset Management 2025-04-20 N/A
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.
CVE-2017-3890 1 Blackberry 2 Appliance-x, Workspaces Vapp 2025-04-20 6.1 Medium
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.
CVE-2017-12812 1 Stivasoft 1 Phpjabbers Night Club Booking Software 2025-04-20 N/A
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.
CVE-2017-7554 1 Redhat 1 Mobile Application Platform 2025-04-20 N/A
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.
CVE-2017-11351 1 Axesstel 2 Mu553s, Mu553s Firmware 2025-04-20 N/A
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.
CVE-2017-7583 1 Ilias 1 Ilias 2025-04-20 N/A
ILIAS before 5.2.3 has XSS via SVG documents.
CVE-2015-5282 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
CVE-2017-2528 1 Apple 2 Iphone Os, Safari 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.
CVE-2016-4327 1 Wso2 1 Enablement Server For Java 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.