CVE-2017-7736

A stored Cross-site Scripting XSS vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import...

HPE ArcSight ESM and HPE ArcSight ESM Express Cross-Site Scripting Vulnerability

HPE ArcSight ESM Enterprise Security Manager and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise HPE. The software collects, correlates and reports on enterprise-wide security events in real tim...

CVE-2010-3659

Multiple cross-site scripting XSS vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified...

CVE-2015-7391

Multiple cross-site scripting XSS vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the 1 selectedenddate or 2 selectedstartdate parameter to lib/results/tcCreatedPerUserOnTestProject.php; the 3 containerType parameter to...

WordPress Visual Editor Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress visual editor. A remote attacker can exploit this vulnerability ...

Flyspray Cross-Site Scripting Vulnerability

Flyspray is a web-based bug tracking system software. A cross-site scripting vulnerability exists in Flyspray version 1.0-rc4. An attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CVE-2017-5616

Cross-site scripting XSS vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter...

CVE-2016-2994

Cross-site scripting XSS vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-2864

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0...

WordPress Collne Welcart e-Commerce Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Collne Welcart e-Commerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress Colln...

CVE-2016-1222

Cross-site scripting XSS vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI...

CVE-2016-1652

Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...

CVE-2016-1377

Cross-site scripting XSS vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776...

CVE-2015-4957

Cross-site scripting XSS vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

CVE-2016-0866

Cross-site scripting XSS vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System SMS Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-7365

Cross-site scripting XSS vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors...

CVE-2014-8987

Cross-site scripting XSS vulnerability in the "set configuration" box in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the configoption parameter, a different vulnerability than...

CVE-2015-3438

Multiple cross-site scripting XSS vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a 1 four-byte UTF-8 character or 2 invalid character that reaches the database layer, as demonstrated by a crafted...

CVE-2015-0551

Multiple cross-site scripting XSS vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before...

CVE-2015-0551

Multiple cross-site scripting XSS vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before...