Total
37818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3381 | 1 Insite | 1 Node Basket | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-1902 | 1 Y-cam | 30 Ycb001, Ycb001 Firmware, Ycb002 and 27 more | 2025-04-12 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp. | |||||
| CVE-2015-0131 | 1 Ibm | 1 Leads | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3737 | 1 Storesprite | 1 Storesprite | 2025-04-12 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.php, related to the currencyUrl function. | |||||
| CVE-2014-10028 | 1 Dlink | 2 Dap-1360, Dap-1360 Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. | |||||
| CVE-2014-4845 | 1 Stillbreathing | 1 Bannerman | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php. | |||||
| CVE-2016-1596 | 1 Novell | 1 Service Desk | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter. | |||||
| CVE-2015-3390 | 1 Facebook Album Fetcher Project | 1 Facebook Album Fetcher | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4270 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702. | |||||
| CVE-2014-6616 | 1 Softing | 2 Fg-100 Profibus, Fg-x00 Profibus Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. | |||||
| CVE-2015-0892 | 1 Maroyaka Image Album Project | 1 Maroyaka Image Album | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8916 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144. | |||||
| CVE-2015-5365 | 1 Zurmo | 1 Zurmo Crm | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field. | |||||
| CVE-2016-6850 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-1314 | 1 Sun | 1 Opensolaris | 2025-04-12 | 3.5 LOW | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760. | |||||
| CVE-2016-1136 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-3379 | 1 Microsoft | 1 Exchange Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability." | |||||
| CVE-2016-6854 | 1 Open-xchange | 1 Ox Guard | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2014-2067 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." | |||||
| CVE-2015-3647 | 1 Wppa.opajaap | 1 Wp-photo-album-plus | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action. | |||||