4548 matches found
CVE-2019-17524
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this...
CVE-2011-3384
Cross-site scripting XSS vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102...
CVE-2011-2410
Cross-site scripting XSS vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-2509
Multiple cross-site scripting XSS vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to the comcontact component, as demonstrated by the Itemid parameter to index.php; 2 the query string to the comcontent component, as...
CVE-2015-6510
Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 srctrack, 2 usemfstmpsize, or 3 usemfsvarsize parameter to systemadvancedmisc.php; the 4 port, 5 snaplen, or 6 count parameter to diagpacketcapture.php...
CVE-2015-8037
Multiple cross-site scripting XSS vulnerabilities in the Graphical User Interface GUI in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the 1 SOMVpnSSLPortalDialog or 2 FGDMngUpdHistory...
CVE-2013-0730
Multiple cross-site scripting XSS vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the 1 language parameter to application/modules/admin/controllers/LanguagesController.php or 2 user parameter to...
CVE-2015-6809
Multiple cross-site scripting XSS vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the 1 cfgprojectName parameter to index.php/admin/saveConfig, the 2 datastatsproviderurl parameter to index.php/areas/saveArea, or the 3 datadescription...
CVE-2019-9230
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting XSS vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script o...
CVE-2019-5947
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'...
CVE-2019-19385
A cross-site scripting XSS vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the appuuid parameter...
CVE-2019-17523
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...
CVE-2014-9743
Cross-site scripting XSS vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...
CVE-2017-9622
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data...
CVE-2017-9623
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data...
CVE-2017-9452
Cross-site scripting XSS vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2015-8038
Multiple cross-site scripting XSS vulnerabilities in the Graphical User Interface GUI in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the 1 sharedjobmanager or 2 SOMServiceObjDialog...
CVE-2015-6808
Cross-site scripting XSS vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title...
CVE-2013-4711
Cross-site scripting XSS vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4103
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input...