6892 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified conten...
CVE-2016-6127
Cross-site scripting XSS vulnerability in Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified conten...
CVE-2017-10795
Cross-site scripting XSS vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069...
CVE-2017-10795
Cross-site scripting XSS vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069...
CVE-2015-9103
Multiple cross-site scripting XSS vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the 1 note title or 2 file name of attachments...
Cross site scripting
Cross-site scripting XSS vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtualname parameter to /admin.php i.e., creating a virtual album...
CVE-2017-9622
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data...
CVE-2017-9623
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data...
Cross site scripting
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication aka a...
CVE-2017-9547
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...
CVE-2017-9547
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...
Cross site scripting
Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username...
Cross site scripting
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-7813
Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username...
CVE-2016-7813
Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username...
CVE-2016-7817
Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-7469
A stored cross-site scripting XSS vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an...
Cross site scripting
Cross-site scripting XSS vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged...
CVE-2017-9441
Multiple cross-site scripting XSS vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the 1 title or 2 version or 3 authorname parameter in manifest.json. This issue exists ...