Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1176 1 Osticket 1 Osticket 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.
CVE-2015-2948 1 Zenphoto 1 Zenphoto 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8539 1 Simple Email Form Project 1 Simple Email Form 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php.
CVE-2015-5529 1 Freereprintables 1 Articlefr 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.
CVE-2014-0218 1 Moodle 1 Moodle 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2082 1 Unit4 1 Prosoft Hrms 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter.
CVE-2014-6180 1 Ibm 1 Websphere Service Registry And Repository 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header.
CVE-2014-8619 1 Fortinet 1 Fortiweb 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0870 1 Nishishi 1 Fumy News Clipper 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0871 1 Shiromuku 1 Guestbook 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1143 1 Vine Mv Project 1 Vine Mv 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1173 1 Hiniarata 1 Casebook Plugin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-9214 1 Cisco 1 Identity Services Engine Software 2025-04-12 N/A
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130).
CVE-2016-1211 1 Epoch 1 Web Mailing List 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-6532 1 Dexis 1 Imaging Suite 2025-04-12 N/A
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.
CVE-2016-1229 1 Humhub 1 Humhub 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4820 1 Ibm 1 Integration Bus Manufacturing Pack 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1113 1 Adobe 1 Coldfusion 2025-04-12 6.1 Medium
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4433 1 Php 1 Xhprof 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter.
CVE-2016-1592 1 Netiq 1 Identity Manager 2025-04-12 N/A
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.