Total
45586 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2647 | 1 Hp | 1 Operations Agent | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-5101 | 1 Webidsupport | 1 Webid | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php. | ||||
| CVE-2010-5302 | 1 Binarymoon | 1 Timthumb | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | ||||
| CVE-2014-9269 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie. | ||||
| CVE-2014-9270 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field. | ||||
| CVE-2014-8748 | 1 Drupal | 1 Doubleclick For Publishers | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. | ||||
| CVE-2014-9412 | 1 Microfocus | 1 Access Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216. | ||||
| CVE-2014-9446 | 1 Koha | 1 Koha | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl. | ||||
| CVE-2015-8233 | 1 Mayo Project | 1 Mayo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings. | ||||
| CVE-2014-9516 | 1 Social Microblogging Pro Project | 1 Social Microblogging Pro | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section. | ||||
| CVE-2014-2856 | 2 Apple, Redhat | 2 Cups, Enterprise Linux | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. | ||||
| CVE-2011-3591 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js. | ||||
| CVE-2016-2912 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2015-0156 | 1 Ibm | 2 Business Process Manager, Websphere | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2015-6058 | 1 Microsoft | 1 Edge | 2025-04-12 | N/A |
| Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass." | ||||
| CVE-2012-1503 | 1 Sixapart | 1 Movable Type | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section. | ||||
| CVE-2014-6173 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2013-4433 | 1 Php | 1 Xhprof | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter. | ||||
| CVE-2014-8914 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913. | ||||
| CVE-2016-4363 | 1 Hp | 1 Insight Control Server Deployment | 2025-04-12 | N/A |
| HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors. | ||||