U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 7,519 matching records.
Displaying matches 7,201 through 7,220.
Vuln ID Summary CVSS Severity
CVE-2016-7251

Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."

Published: November 10, 2016; 2:00:05 AM -0500
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-7239

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

Published: November 10, 2016; 1:59:52 AM -0500
V4.0:(not available)
V3.0: 3.1 LOW
V2.0: 2.6 LOW
CVE-2016-8583

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.

Published: October 28, 2016; 11:59:07 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-8581

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.

Published: October 28, 2016; 11:59:05 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000122

XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

Published: October 27, 2016; 5:59:03 PM -0400
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-1000121

XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

Published: October 27, 2016; 5:59:02 PM -0400
V4.0:(not available)
V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2016-1000120

SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla

Published: October 27, 2016; 5:59:00 PM -0400
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-1598

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.

Published: October 27, 2016; 4:59:04 PM -0400
V4.0:(not available)
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-1592

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.

Published: October 27, 2016; 4:59:02 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-0787

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.

Published: October 27, 2016; 4:59:00 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-8506

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.

Published: October 26, 2016; 2:59:08 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-8505

XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.

Published: October 26, 2016; 2:59:07 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000119

SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla

Published: October 21, 2016; 10:59:05 AM -0400
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-1000118

XSS & SQLi in HugeIT slideshow v1.0.4

Published: October 21, 2016; 10:59:04 AM -0400
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-1000117

XSS & SQLi in HugeIT slideshow v1.0.4

Published: October 21, 2016; 10:59:03 AM -0400
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-1000116

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

Published: October 21, 2016; 10:59:01 AM -0400
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-1000115

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

Published: October 21, 2016; 10:59:00 AM -0400
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-1000155

Reflected XSS in wordpress plugin wpsolr-search-engine v7.6

Published: October 10, 2016; 4:59:33 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000154

Reflected XSS in wordpress plugin whizz v1.0.7

Published: October 10, 2016; 4:59:32 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000153

Reflected XSS in wordpress plugin tidio-gallery v1.1

Published: October 10, 2016; 4:59:31 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM