Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1036 1 Adobe 1 Analytics Appmeasurement For Flash Library 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4388 1 Current Search Links Project 1 Current Search Links 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query.
CVE-2015-6058 1 Microsoft 1 Edge 2025-04-12 N/A
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass."
CVE-2015-2807 1 Documentcloud 1 Navis Documentcloud 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
CVE-2016-1451 1 Cisco 1 Meeting Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.
CVE-2013-6222 1 Hp 1 Service Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-10012 1 Strategy11 1 Awp Classifieds 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
CVE-2013-6220 1 Hp 1 Network Node Manager I 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-10009 1 Iwcn 1 Stark Crm 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
CVE-2015-0937 1 Blue Coat 1 Malware Analysis Appliance 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0284 1 Redhat 3 Network Satellite, Satellite, Spacewalk-java 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.
CVE-2015-4378 1 Crumbs Project 1 Crumbs 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "Administer Crumbs" permission to inject arbitrary web script or HTML via a custom breadcrumb separator.
CVE-2014-10007 1 Maianscriptworld 1 Maian Weblog 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php.
CVE-2013-6037 1 Aker 1 Secure Mail Gateway 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter.
CVE-2014-0956 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0953 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-1311 1 Cisco 1 Jabber Guest 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.
CVE-2016-1000142 1 Parsi-font Project 1 Parsi-font 2025-04-12 N/A
Reflected XSS in wordpress plugin parsi-font v4.2.5
CVE-2015-4294 1 Cisco 1 Unified Communications Manager Im And Presence Service 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.
CVE-2013-4649 1 Dotnetnuke 1 Dotnetnuke 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.