CVE-2017-5488

Multiple cross-site scripting XSS vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 version header of a plugin...

CVE-2016-6837

Cross-site scripting XSS vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'viewtype' parameter...

CVE-2016-7168

Cross-site scripting XSS vulnerability in the mediahandleupload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename...

CVE-2016-7168

Cross-site scripting XSS vulnerability in the mediahandleupload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename...

Cross site scripting

Cross-site scripting XSS vulnerability in the Create Employee feature in Hybris Management Console HMC in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x...

CVE-2016-7463

Cross-site scripting XSS vulnerability in the Host Client in VMware vSphere Hypervisor aka ESXi 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM...

Cross site scripting

Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...

CVE-2016-4552

Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message...

CVE-2016-7282

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."...

CVE-2016-9152

Cross-site scripting XSS vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter...

CVE-2016-2955

Cross-site scripting XSS vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0...

CVE-2016-9119

Cross-site scripting XSS vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-7251

Cross-site scripting XSS vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."...

Cross site scripting

Cross-site scripting XSS vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."...

CVE-2016-7251

Cross-site scripting XSS vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."...

Cross site scripting

Cross-site scripting XSS vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the sadditionalhtmlhead, sadditionalhtmltopofbody, and sadditionalhtmlfooter parameters...