Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10201 1 Zoneminder 1 Zoneminder 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
CVE-2017-10838 1 Seopanel 1 Seo Panel 2025-04-20 N/A
Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-9674 1 Simplece 1 Simplece 2025-04-20 N/A
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.
CVE-2017-9668 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 N/A
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
CVE-2017-8760 1 Accellion 1 File Transfer Appliance 2025-04-20 N/A
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
CVE-2017-8876 1 Getsymphony 1 Symphony 2025-04-20 6.1 Medium
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
CVE-2017-8898 1 Invisioncommunity 1 Invision Power Board 2025-04-20 N/A
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option.
CVE-2017-8899 1 Invisioncommunity 1 Invision Power Board 2025-04-20 N/A
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.
CVE-2016-10202 1 Zoneminder 1 Zoneminder 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
CVE-2017-9655 1 Osisoft 3 Pi Integrator For Business Analystics, Pi Integrator For Microsoft Azure, Pi Integrator For Sap Hana 2025-04-20 N/A
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site.
CVE-2017-10673 1 Get-simple 1 Getsimple Cms 2025-04-20 6.1 Medium
admin/profile.php in GetSimple CMS 3.x has XSS in a name field.
CVE-2017-9556 1 Synology 1 Video Station 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2017-9548 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change).
CVE-2017-10667 1 Zen-cart 1 Zen Cart 2025-04-20 N/A
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.
CVE-2017-9547 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
CVE-2017-2216 1 W3eden 1 Download Manager 2025-04-20 N/A
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-9361 1 Websitebaker 1 Websitebaker 2025-04-20 N/A
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CVE-2017-6351 1 Wepresent 2 Wipg-1500, Wipg-1500 Firmware 2025-04-20 N/A
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885.
CVE-2017-2135 1 Wp-statistics 1 Wp Statistics 2025-04-20 N/A
Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-12068 1 Event List Project 1 Event List 2025-04-20 N/A
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.