Total
37835 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4033 | 1 Efrontlearning | 1 Efront | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php. | |||||
| CVE-2015-4198 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409. | |||||
| CVE-2015-1057 | 1 E107 | 1 E107 | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value. | |||||
| CVE-2014-8746 | 1 Drupal | 1 Skeleton Theme | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | |||||
| CVE-2016-8583 | 1 Alienvault | 2 Open Source Security Information And Event Management, Unified Security Management | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | |||||
| CVE-2014-3595 | 2 Redhat, Suse | 6 Satellite, Satellite With Embedded Oracle, Spacewalk-java and 3 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging. | |||||
| CVE-2016-6856 | 1 Sap | 1 Hybris | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter. | |||||
| CVE-2016-1912 | 1 Dolibarr | 1 Dolibarr | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php. | |||||
| CVE-2012-6130 | 1 Roundup-tracker | 1 Roundup | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. | |||||
| CVE-2014-8077 | 1 Drupal | 1 Newsflash | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property. | |||||
| CVE-2015-0656 | 1 Cisco | 3 Network Analysis Module 2304, Network Analysis Module 2320, Network Analysis Module Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. | |||||
| CVE-2014-0232 | 1 Apache | 1 Ofbiz | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message. | |||||
| CVE-2014-4551 | 1 Social Connect Project | 1 Social Connect | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter. | |||||
| CVE-2014-100008 | 1 Joomlaskin | 1 Js Multi Hotel | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
| CVE-2016-1311 | 1 Cisco | 1 Jabber Guest | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224. | |||||
| CVE-2014-5438 | 1 Arris | 2 Touchstone Tg862g\/ct, Touchstone Tg862g\/ct Firmware | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php. | |||||
| CVE-2014-6179 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8317 | 1 Webform Validation Project | 1 Webform Validation | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text. | |||||
| CVE-2016-6607 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2014-3740 | 1 Spiceworks | 1 Spiceworks | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page. | |||||