| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. |
| An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. |
| An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write. |
| Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. |
| The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. |
| The Add page option in my little forum 2.4.12 allows XSS via the Title field. |
| The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. |
| The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. |
| Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. |
| Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. |
| Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page. |
| LOYTEC LGATE-902 6.3.2 devices allow XSS. |
| LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. |
