Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4366 1 Mover Project 1 Mover 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2703 1 Websense 2 Triton Ap Web, V-series Appliances 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/client-cert-import_wsoem.html in the Content Gateway, which is not properly handled in an error message.
CVE-2014-4033 1 Efrontlearning 1 Efront 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
CVE-2015-2250 1 Concrete5 1 Concrete5 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3) accessType parameter to index.php/tools/required/permissions/access_entity, (4) msCountry parameter to index.php/dashboard/system/multilingual/setup/load_icon, arHandle parameter to (5) design/submit or (6) design in index.php/ccm/system/dialogs/area/design/submit, (7) pageURL to index.php/dashboard/pages/single, (8) SEARCH_INDEX_AREA_METHOD parameter to index.php/dashboard/system/seo/searchindex/updated, (9) unit parameter to index.php/dashboard/system/optimization/jobs/job_scheduled, (10) register_notification_email parameter to index.php/dashboard/system/registration/open/1, or (11) PATH_INFO to index.php/dashboard/extend/connect/.
CVE-2015-4359 1 Registration Codes Project 1 Registration Codes 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4358 1 Ubercart Discount Coupons Project 1 Ubercart Discount Coupons 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
CVE-2015-4357 1 Webform Project 1 Webform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block.
CVE-2015-4347 1 Inlinks Project 1 Inlinks 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments.
CVE-2015-4337 1 Xcloner 1 Xcloner 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.
CVE-2015-2960 1 Zohocorp 1 Manageengine Netflow Analyzer 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2973 1 Welcart 1 Welcart E-commerce 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php.
CVE-2015-4268 1 Cisco 1 Identity Services Engine Software 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052.
CVE-2015-4260 1 Cisco 1 Hosted Collaboration Solution 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14862.
CVE-2015-3219 4 Debian, Openstack, Oracle and 1 more 4 Debian Linux, Horizon, Solaris and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
CVE-2015-4210 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.
CVE-2015-3384 1 Commerce Balanced Payments Project 1 Commerce Balanced Payments 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6039 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability."
CVE-2015-3385 1 Taxonomy Path Project 1 Taxonomy Path 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link to path" field formatter.
CVE-2015-4093 1 Elastic 1 Kibana 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3386 1 Node Access Product Project 1 Node Access Product 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.