Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44181 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5892 1 Ibm 2 B2b Advanced Communications, Multi-enterprise Integration Gateway 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7385 1 Open-xchange 1 Ox Guard 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not properly handled in "Guard PGP Settings."
CVE-2016-4969 1 Fortinet 1 Fortiwan 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.
CVE-2015-7579 1 Rubyonrails 2 Html Sanitizer, Rails 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
CVE-2015-7578 1 Rubyonrails 2 Html Sanitizer, Rails 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
CVE-2015-7536 1 Jenkins 1 Jenkins 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
CVE-2016-5901 1 Ibm 1 Business Process Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5920 1 Ibm 1 Financial Transaction Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7520 1 Apache 1 Wicket 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element.
CVE-2016-1157 1 Log-chat Project 1 Log-chat 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1160 1 Wp Favorite Posts Project 1 Wp Favorite Posts 2025-04-12 6.1 Medium
Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1169 1 Hiniarata 1 Casebook Plugin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1171 1 Hiniarata 1 Casebook Plugin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1173 1 Hiniarata 1 Casebook Plugin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1180 2 Cyber-will, Ec-cube 2 Social-button Premium, Ec-cube 2025-04-12 6.1 Medium
Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1197 1 Cybozu 1 Garoon 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
CVE-2016-1205 1 Shiro8 2 Category Freearea Addition, Itemdetail Freearea Addition 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1207 1 Iodata 6 Wn-g300r, Wn-g300r2, Wn-g300r2 Firmware and 3 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1222 1 Kobe-beauty 1 Php-contact-form 2025-04-12 6.1 Medium
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
CVE-2016-1224 1 Trendmicro 2 Worry-free Business Security, Worry-free Business Security Services 2025-04-12 6.1 Medium
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.