Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3615 1 Fortinet 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
CVE-2016-3412 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.
CVE-2017-8139 1 Huawei 1 Hedex Lite 2025-04-20 N/A
HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users.
CVE-2017-15612 1 Mistune Project 1 Mistune 2025-04-20 N/A
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
CVE-2017-8103 1 Mybb 1 Mybb 2025-04-20 N/A
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
CVE-2017-9336 1 Wp Editor.md Project 1 Wp Editor.md 2025-04-20 N/A
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.
CVE-2017-9337 1 Markdown On Save Improved Project 1 Markdown On Save Improved 2025-04-20 N/A
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.
CVE-2017-14321 1 Mirasvit 1 Helpdesk Mx 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket.
CVE-2016-2979 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.
CVE-2016-5932 1 Ibm 1 Connections 2025-04-20 N/A
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294.
CVE-2015-2867 1 Trane 1 Comfortlink Ii Firmware 2025-04-20 N/A
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
CVE-2017-5608 1 Piwigo 1 Piwigo 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename.
CVE-2016-5884 1 Ibm 2 Domino, Inotes 2025-04-20 N/A
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2015-2883 1 Philips 1 In.sight B120\\37 2025-04-20 N/A
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.
CVE-2015-2887 1 Ibaby 2 M3s Baby Monitor, M3s Baby Monitor Firmware 2025-04-20 N/A
iBaby M3S has a password of admin for the backdoor admin account.
CVE-2017-5620 1 Zammad 1 Zammad 2025-04-20 N/A
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
CVE-2017-5621 1 Zammad 1 Zammad 2025-04-20 N/A
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
CVE-2017-6544 1 Wuhu Project 1 Wuhu 2025-04-20 N/A
Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter).
CVE-2017-8838 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
CVE-2017-6537 1 Webpagetest Project 1 Webpagetest 2025-04-20 N/A
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.