Total
37831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0696 | 1 Cisco | 1 Telepresence Tc Software | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977. | |||||
| CVE-2016-1304 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | |||||
| CVE-2015-4372 | 1 Image Title Project | 1 Image Title | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5181 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | |||||
| CVE-2016-9889 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS. | |||||
| CVE-2014-0828 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3989 | 1 Concrete5 | 1 Concrete5 | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors. | |||||
| CVE-2016-0227 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-1366 | 1 Pixabay Images Project | 1 Pixabay Images | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter. | |||||
| CVE-2015-2317 | 6 Canonical, Debian, Djangoproject and 3 more | 6 Ubuntu Linux, Debian Linux, Django and 3 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. | |||||
| CVE-2013-4649 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI. | |||||
| CVE-2014-1648 | 1 Symantec | 1 Messaging Gateway | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. | |||||
| CVE-2015-1564 | 1 Plainblack | 1 Webgui | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field. | |||||
| CVE-2015-1636 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." | |||||
| CVE-2016-2956 | 1 Ibm | 1 Connections | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-3008. | |||||
| CVE-2015-4413 | 1 Nextendweb | 1 Facebook Connect | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. | |||||
| CVE-2014-100032 | 1 Airties | 1 Air 6372 | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. | |||||
| CVE-2016-1000116 | 1 Huge-it | 1 Portfolio Gallery Manager | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
| CVE-2012-2569 | 1 Synametrics | 1 Xeams | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||||
| CVE-2015-2069 | 1 Woothemes | 1 Woocommerce | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php. | |||||