Total
28914 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4392 | 1 Display Suite Project | 1 Display Suite | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings. | |||||
| CVE-2015-0549 | 1 Emc | 1 Documentum D2 | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1309 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843. | |||||
| CVE-2016-4945 | 1 Citrix | 2 Netscaler Gateway 11.0, Netscaler Gateway 11.0 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. | |||||
| CVE-2015-4725 | 1 Audiosharescript | 1 Audioshare | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2015-6913 | 1 Synology | 1 Download Station | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi. | |||||
| CVE-2016-1304 | 1 Cisco | 1 Unity Connection | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | |||||
| CVE-2015-0762 | 1 Cisco | 1 Unified Meetingplace | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. | |||||
| CVE-2015-3921 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-02-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter. | |||||
| CVE-2016-4508 | 1 Rexroth | 1 Bladecontrol-webvis | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2075 | 2 Linux, Vmware | 2 Linux Kernel, Vrealize Business Advanced And Enterprise | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2387 | 1 Sap | 1 Netweaver | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571. | |||||
| CVE-2015-6434 | 1 Cisco | 1 Prime Infrastructure | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856. | |||||
| CVE-2015-8053 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052. | |||||
| CVE-2016-0031 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029. | |||||
| CVE-2014-9738 | 1 Tournament Project | 1 Tournament | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title. | |||||
| CVE-2016-0030 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." | |||||
| CVE-2016-1298 | 1 Cisco | 1 Unified Contact Center Express | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. | |||||
| CVE-2015-5076 | 1 X2engine | 1 X2crm | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg, (5) bgc, or (6) font parameter in protected/views/site/listener.php; the (7) Services[*] parameter in protected/components/views/webForm.php; the (8) file parameter in protected/components/TranslationManager.php; the (9) x2_key parameter in protected/tests/webscripts/x2WebTrackingTestPages/customWebLeadCaptureScriptTest.php; the (10) id parameter in protected/modules/contacts/controllers/ContactsController.php; or the (11) lastEventId parameter to index.php/profile/getEvents. | |||||
| CVE-2016-0711 | 1 Apache | 1 Jetspeed | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource. | |||||