Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2671 1 Brother 2 Mfc-9970cdw, Mfc-9970cdw Firmware 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670.
CVE-2016-1311 1 Cisco 1 Jabber Guest 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.
CVE-2015-3369 1 Taxonews Project 1 Taxonews 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block.
CVE-2014-8326 2 Opensuse, Phpmyadmin 2 Opensuse, Phpmyadmin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.
CVE-2015-1389 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
CVE-2014-7295 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.
CVE-2014-3681 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7217 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.
CVE-2013-4753 1 Claroline 1 Claroline 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php.
CVE-2016-1000148 1 S3-video Project 1 S3-video 2025-04-12 N/A
Reflected XSS in wordpress plugin s3-video v0.983
CVE-2015-3226 1 Rubyonrails 2 Rails, Ruby On Rails 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
CVE-2016-1599 1 Microfocus 1 Self Service Password Reset 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-2870 1 Chiyutw 3 Bf-630, Bf-630w, Bf-660c 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.
CVE-2016-1598 1 Novell 2 Identity Manager, Identity Manager Identity Applications 2025-04-12 N/A
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
CVE-2016-1596 1 Novell 1 Service Desk 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.
CVE-2016-1000142 1 Parsi-font Project 1 Parsi-font 2025-04-12 N/A
Reflected XSS in wordpress plugin parsi-font v4.2.5
CVE-2016-1000137 1 Hero-maps-pro Project 1 Hero-maps-pro 2025-04-12 N/A
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0
CVE-2016-1000133 1 Designsandcode 1 Forget About Shortcode Buttons 2025-04-12 N/A
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
CVE-2016-1000151 1 Tera-charts Project 1 Tera-charts 2025-04-12 N/A
Reflected XSS in wordpress plugin tera-charts v1.0
CVE-2016-2560 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.