Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-100036 1 Flatpress 1 Flatpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI.
CVE-2011-4193 1 Suse 2 Studio Extension For System Z, Studio Onsite 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning.
CVE-2014-100038 1 Storytlr 1 Storytlr 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/.
CVE-2014-10018 1 Teracom 1 T2-b-gawv1.4u10y-bi 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
CVE-2014-10028 1 Dlink 2 Dap-1360, Dap-1360 Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41.
CVE-2014-8377 1 Webasyst 1 Shop-script 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/.
CVE-2014-8349 1 Liferay 1 Liferay Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.
CVE-2014-10036 1 Jetbrains 1 Teamcity 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
CVE-2016-3126 1 Blackberry 1 Enterprise Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-8266 1 Qpr 1 Portal 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.
CVE-2014-8267 1 Qpr 1 Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.
CVE-2014-1224 1 Rexx-systems 1 Recruitment 2025-04-12 N/A
Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in /reg.
CVE-2014-4406 1 Apple 1 Os X Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3144 2 Fedoraproject, Fourkitchens 2 Fedora, Block Class 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.
CVE-2016-5333 1 Vmware 1 Photon Os 2025-04-12 N/A
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
CVE-2016-4552 1 Roundcube 1 Webmail 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
CVE-2016-3196 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
CVE-2014-1223 1 Telligent 1 Evolution 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
CVE-2014-1855 1 Seopanel 1 Seo Panel 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php.
CVE-2014-1942 1 Pearson 1 Esis Enterprise Student Information System 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.