Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8560 1 Microsoft 1 Exchange Server 2025-04-20 N/A
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.
CVE-2015-5532 1 Strangerstudios 1 Paid Memberships Pro 2025-04-20 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.
CVE-2017-6340 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2025-04-20 N/A
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages.
CVE-2016-9723 1 Ibm 2 Qradar Incident Forensics, Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
CVE-2016-8924 1 Ibm 1 Maximo Asset Management 2025-04-20 N/A
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.
CVE-2016-9694 1 Ibm 1 Rational Rhapsody Design Manager 2025-04-20 N/A
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960.
CVE-2017-1369 1 Ibm 1 Rational Engineering Lifecycle Manager 2025-04-20 N/A
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862.
CVE-2017-1000088 1 Jenkins 1 Sidebar Link 2025-04-20 N/A
The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.
CVE-2017-13138 1 Qodeinteractive 1 Bridge 2025-04-20 N/A
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript.
CVE-2017-2528 1 Apple 2 Iphone Os, Safari 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.
CVE-2016-8946 1 Ibm 1 Emptoris Sourcing 2025-04-20 N/A
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833.
CVE-2017-14713 1 Telaxius 1 Epesi 2025-04-20 N/A
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.
CVE-2016-8948 1 Ibm 1 Emptoris Sourcing 2025-04-20 N/A
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835.
CVE-2016-8950 1 Ibm 1 Emptoris Sourcing 2025-04-20 N/A
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837.
CVE-2017-12907 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
CVE-2017-9070 1 Modx 1 Modx Revolution 2025-04-20 N/A
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.
CVE-2017-12879 1 Paessler 1 Prtg Network Monitor 2025-04-20 N/A
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.
CVE-2017-11198 1 Finecms Project 1 Finecms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter.
CVE-2017-12856 1 C.p.sub Project 1 C.p.sub 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.
CVE-2017-1120 1 Ibm 1 Websphere Portal 2025-04-20 N/A
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.