Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0193 1 Ibm 2 Business Process Manager, Websphere 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition.
CVE-2016-9998 1 Spip 1 Spip 2025-04-12 N/A
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
CVE-2014-4308 1 Nice 1 Recording Express 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2) iframe.picker.statchannels.asp, (3) iframe.picker.channelgroups.asp, (4) iframe.picker.extensions.asp, (5) iframe.picker.licenseusergroups.asp, (6) iframe.picker.licenseusers.asp, (7) iframe.picker.lookup.asp, or (8) iframe.picker.marks.asp in _ifr/.
CVE-2014-4035 1 Bestsoftinc 1 Advance Hotel Booking System 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2013-3484 1 Dotcms 1 Dotcms 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.
CVE-2016-1000153 1 Tidio-gallery Project 1 Tidio-gallery 2025-04-12 N/A
Reflected XSS in wordpress plugin tidio-gallery v1.1
CVE-2016-1000146 1 Pondol-formmail Project 1 Pondol-formmail 2025-04-12 N/A
Reflected XSS in wordpress plugin pondol-formmail v1.1
CVE-2016-1000138 1 Indexisto Project 1 Indexisto 2025-04-12 N/A
Reflected XSS in wordpress plugin indexisto v1.0.5
CVE-2016-1000130 1 E-search Project 1 E-search 2025-04-12 N/A
Reflected XSS in wordpress plugin e-search v1.0
CVE-2013-1810 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function.
CVE-2014-2860 1 Paperthin 1 Commonspot Content Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a (1) ColdFusion or (2) JavaScript component.
CVE-2012-5565 1 Horde 2 Groupware, Imp 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.
CVE-2011-5309 1 Cherry-design 1 Wikipad 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2014-2729 1 Ektron 1 Ektron Content Management System 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.
CVE-2014-2711 1 Juniper 1 Junos 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7987 1 Espocrm 1 Espocrm 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
CVE-2014-7983 1 Joomla 1 Joomla\! 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6529 1 Phpipam 1 Phpipam 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
CVE-2014-2502 1 Emc 1 Rsa Adaptive Authentication Hosted 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6477 1 Nordex 1 Nordex Control 2 Scada 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.