Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7665 1 Apache 1 Nifi 2025-04-20 N/A
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
CVE-2017-9622 1 Epesi 1 Epesi 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.
CVE-2017-9621 1 Epesi 1 Epesi 2025-04-20 6.1 Medium
Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter.
CVE-2017-6067 1 Getsymphony 1 Symphony 2025-04-20 N/A
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
CVE-2017-5085 3 Apple, Google, Redhat 3 Iphone Os, Chrome, Rhel Extras 2025-04-20 N/A
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark.
CVE-2017-5045 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 6.1 Medium
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.
CVE-2017-1457 1 Ibm 1 Qradar Network Security 2025-04-20 N/A
IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376.
CVE-2017-7626 1 Smart Related Articles Project 1 Smart Related Articles 2025-04-20 N/A
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
CVE-2017-15291 1 Tp-link 2 Tl-mr3220, Tl-mr3220 Firmware 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.
CVE-2017-17995 1 Iwcnetwork 1 Biometric Shift Employee Management System 2025-04-20 N/A
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
CVE-2017-17989 1 Iwcnetwork 1 Biometric Shift Employee Management System 2025-04-20 N/A
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.
CVE-2017-8833 1 Zen-cart 1 Zen Cart 2025-04-20 N/A
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."
CVE-2015-4687 1 Ellucian 1 Banner Student 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7240 1 Formget 1 Easy Contact Form Solution 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php.
CVE-2017-0195 1 Microsoft 5 Excel Web App, Office Online Server, Office Web Apps and 2 more 2025-04-20 N/A
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."
CVE-2017-17752 1 Codecrafters 1 Ability Mail Server 2025-04-20 N/A
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.
CVE-2016-7841 1 Olive Design 1 Olive Diary Dx 2025-04-20 N/A
Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2017-2929 2 Adobe, Microsoft 2 Acrobat, Windows 2025-04-20 N/A
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution.
CVE-2017-13697 1 Finecms Project 1 Finecms 2025-04-20 N/A
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
CVE-2016-6035 1 Ibm 2 Rational Quality Manager, Rational Team Concert 2025-04-20 N/A
IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896.