Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5667 1 Html-scrubber Project 1 Html-scrubber 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
CVE-2015-5664 1 Qnap 1 Qts 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0882 1 Zen-cart 1 Zen Cart 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.
CVE-2015-4957 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-4959 1 Ibm 1 Tivoli Federated Identity Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-5630 1 Ntt-bp 1 Japan Connected-free Wi-fi 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID.
CVE-2015-5625 1 Opendocman 1 Opendocman 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
CVE-2015-5535 1 Qtranslate Project 1 Qtranslate 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtranslate page to wp-admin/options-general.php.
CVE-2015-5612 1 Octobercms 1 October 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.
CVE-2014-1695 1 Otrs 1 Otrs 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
CVE-2016-5660 1 Accela 1 Civic Platform 2025-04-12 6.1 Medium
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.
CVE-2015-3422 1 Searchblox 1 Searchblox 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.
CVE-2016-3057 1 Ibm 1 Sterling B2b Integrator 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3056 1 Ibm 1 Business Process Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content.
CVE-2016-3144 2 Fedoraproject, Fourkitchens 2 Fedora, Block Class 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.
CVE-2016-6436 1 Cisco 1 Hostscan Engine 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.
CVE-2016-6532 1 Dexis 1 Imaging Suite 2025-04-12 N/A
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.
CVE-2016-2955 1 Ibm 1 Connections 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0984 1 Xoops 1 Xoops 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.
CVE-2016-5721 1 Zimbra 1 Zimbra Collaboration Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.