Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2169 1 Maxbuttons Project 1 Maxbuttons 2025-04-20 N/A
Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-16919 1 Mapos Project 1 Mapos 2025-04-20 N/A
MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description parameter.
CVE-2017-2339 1 Juniper 1 Screenos 2025-04-20 N/A
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
CVE-2017-0255 1 Microsoft 1 Sharepoint Foundation 2025-04-20 N/A
Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".
CVE-2017-5183 1 Netiq 1 Access Manager 2025-04-20 N/A
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
CVE-2017-2168 1 Wpbookingsystem 1 Wp Booking System 2025-04-20 N/A
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-8838 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
CVE-2016-6837 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter.
CVE-2017-9062 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
CVE-2017-9063 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
CVE-2017-6103 1 Anyvar Project 1 Anyvar 2025-04-20 N/A
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.
CVE-2017-6102 1 Rockhoist Badges Project 1 Rockhoist Badges Plugin 2025-04-20 N/A
Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.
CVE-2017-5998 1 Intersect Alliance 1 Snare Epilog 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a "Web Admin Portal > Log Configuration > Add" action.
CVE-2016-2979 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.
CVE-2016-2992 1 Ibm 1 Biginsights 2025-04-20 N/A
IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-5542 1 Getsymphony 1 Symphony 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
CVE-2016-8935 1 Ibm 1 Kenexa Lms 2025-04-20 N/A
IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.
CVE-2015-9104 1 Synology 1 Audio Station 2025-04-20 N/A
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.
CVE-2015-8862 1 Mustache.js Project 1 Mustache.js 2025-04-20 N/A
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
CVE-2015-9103 1 Synology 1 Note Station 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.