Total
38173 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6641 | 1 Prestashop | 1 Prestashop | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values." | |||||
| CVE-2014-100016 | 1 Photocati Media | 1 Photocrati | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter. | |||||
| CVE-2016-5191 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. | |||||
| CVE-2014-2844 | 1 F-secure | 1 Secure Messaging Secure Gateway | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin. | |||||
| CVE-2016-3212 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability." | |||||
| CVE-2016-1913 | 1 Redhen Project | 1 Redhen | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to (1) individual contacts, (2) notes, or (3) engagement scores. | |||||
| CVE-2014-8992 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | |||||
| CVE-2014-3375 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. | |||||
| CVE-2014-3473 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. | |||||
| CVE-2016-1157 | 1 Log-chat Project | 1 Log-chat | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4367 | 1 Simple Subscription Project | 1 Simple Subscription | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content. | |||||
| CVE-2014-8308 | 1 Sap | 1 Businessobjects | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4539 | 1 Emc | 1 Rsa Identity Management And Governance | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-7139 | 1 Cfdbplugin | 1 Contact Form Db | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php. | |||||
| CVE-2016-5944 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. | |||||
| CVE-2013-3728 | 1 Kasseler-cms | 1 Kasseler-cms | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php. | |||||
| CVE-2015-2349 | 1 Superwebmailer | 1 Superwebmailer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTMLForm parameter. | |||||
| CVE-2015-1619 | 1 Mcafee | 1 Email Gateway | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. | |||||
| CVE-2015-8755 | 1 Typo3 | 1 Typo3 | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2014-3832 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. | |||||