Total
37851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2712 | 1 Krisonav | 1 Krisonav | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | |||||
| CVE-2014-5317 | 1 Php365 | 4 365 Links, 365 Links2, 365 Links\+ and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2839 | 1 Citrix | 1 Netscaler | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | |||||
| CVE-2015-1639 | 1 Microsoft | 1 Office | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability." | |||||
| CVE-2015-2747 | 1 Websense | 2 Triton, V-series Appliances | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy. | |||||
| CVE-2016-1000140 | 1 New-year-firework Project | 1 New-year-firework | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin new-year-firework v1.1.9 | |||||
| CVE-2015-0216 | 1 Moodle | 1 Moodle | 2025-04-12 | 3.5 LOW | N/A |
| access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. | |||||
| CVE-2015-4381 | 1 Invoice Project | 1 Invoice | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice" content type. | |||||
| CVE-2015-2850 | 1 Antlabs | 6 Inngate Ig 3.01 E, Inngate Ig 3.10 E, Inngate Ig 3.10 M and 3 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2016-6395 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. | |||||
| CVE-2015-1058 | 1 Insanevisions | 1 Adaptcms | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new. | |||||
| CVE-2015-7370 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter. | |||||
| CVE-2016-0209 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1039 | 1 Zfcuser Project | 1 Zfcuser | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | |||||
| CVE-2014-2231 | 1 I-doit | 1 I-doit | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. | |||||
| CVE-2014-8993 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. | |||||
| CVE-2014-5456 | 1 Social Stats Project | 1 Social Stats | 2025-04-12 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration. | |||||
| CVE-2015-7997 | 1 Citrix | 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-0549 | 1 Emc | 1 Documentum D2 | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6233 | 1 Eng | 1 Spagobi | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata." | |||||