Total
43528 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3003 | 1 Ibm | 1 Connections | 2026-05-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006. | |||||
| CVE-2013-3484 | 1 Dotcms | 1 Dotcms | 2026-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword. | |||||
| CVE-2014-9741 | 1 Esri | 3 Arcgis For Desktop, Arcgis For Engine, Arcgis Server | 2026-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6254 | 1 Zenoss | 1 Zenoss Core | 2026-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410. | |||||
| CVE-2015-1383 | 1 Cyberhobo | 1 Geo Mashup | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key. | |||||
| CVE-2014-5026 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2026-05-06 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action. | |||||
| CVE-2015-3360 | 1 Term Merge Project | 1 Term Merge | 2026-05-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3935 | 1 Dolibarr | 1 Dolibarr | 2026-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php. | |||||
| CVE-2014-3025 | 1 Ibm | 11 Maximo Asset Management, Maximo Asset Management Essentials, Maximo For Government and 8 more | 2026-05-06 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/. | |||||
| CVE-2014-9569 | 1 Sap | 1 Netweaver Business Client For Html | 2026-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. | |||||
| CVE-2014-100030 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action. | |||||
| CVE-2016-1000153 | 1 Tidio-gallery Project | 1 Tidio-gallery | 2026-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin tidio-gallery v1.1 | |||||
| CVE-2016-7148 | 1 Moinmo | 1 Moinmoin | 2026-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component. | |||||
| CVE-2013-6310 | 1 Ibm | 1 Marketing Platform | 2026-05-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2326 | 4 Cacti, Debian, Fedoraproject and 1 more | 4 Cacti, Debian Linux, Fedora and 1 more | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4380 | 1 Linear Case Project | 1 Linear Case | 2026-05-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8314 | 1 Sap | 1 Hana | 2026-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. | |||||
| CVE-2015-4356 | 1 Webform Project | 1 Webform | 2026-05-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform. | |||||
| CVE-2015-2989 | 1 Lemon-s Php | 1 Twit Bbs | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter. | |||||
| CVE-2012-4768 | 1 Mikejolley | 1 Download Monitor | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. | |||||