Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11685 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
|
|||||
| CVE-2015-8354 | 1 Ultimatemember | 1 Ultimate Member | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
|
|||||
| CVE-2016-4870 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
|
|||||
| CVE-2017-7335 | 1 Fortinet | 1 Fortiwlc | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.
|
|||||
| CVE-2016-9732 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.
|
|||||
| CVE-2017-1000225 | 1 Relevanssi | 1 Relevanssi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can
|
|||||
| CVE-2012-6705 | 1 Jamroom | 1 Jamroom | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field.
|
|||||
| CVE-2017-9556 | 1 Synology | 1 Video Station | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.
|
|||||
| CVE-2017-12257 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting ma ...
Show More |
|||||
| CVE-2015-9229 | 1 Imagely | 1 Nextgen Gallery | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
|
|||||
| CVE-2017-1553 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397.
|
|||||
| CVE-2017-16760 | 1 Inedo | 1 Buildmaster | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Inedo BuildMaster before 5.8.2 has XSS.
|
|||||
| CVE-2017-2683 | 1 Siemens | 1 Ruggedcom Network Management Software | 2025-04-20 | 4.3 MEDIUM | 8.2 HIGH |
|
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.
|
|||||
| CVE-2017-1000038 | 1 Relevanssi | 1 Relevanssi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site
|
|||||
| CVE-2017-1000059 | 1 Livehelperchat | 1 Live Helper Chat | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.
|
|||||
| CVE-2017-16802 | 1 Misp-project | 1 Misp | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
|
|||||
| CVE-2016-4883 | 1 Basercms | 1 Basercms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-7897 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
|
|||||
| CVE-2017-1100 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661.
|
|||||
| CVE-2016-2104 | 1 Redhat | 1 Satellite | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
|
|||||
| CVE-2017-9674 | 1 Simplece | 1 Simplece | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.
|
|||||
| CVE-2015-8667 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
|
|||||
| CVE-2017-6807 | 1 Uninett | 1 Mod Auth Mellon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
|
|||||
| CVE-2015-2046 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.
|
|||||
| CVE-2017-12971 | 1 Apache2triad | 1 Apache2triad | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
|
|||||
| CVE-2014-9310 | 1 Wordpress Backup To Dropbox Project | 1 Wordpress Backup To Dropbox | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress.
|
|||||
| CVE-2016-9731 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2016-4316 | 1 Wso2 | 1 Carbon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp.
|
|||||
| CVE-2015-8815 | 1 Umbraco | 1 Umbraco | 2025-04-20 | 5.0 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
|
|||||
| CVE-2017-16807 | 1 Getkirby | 1 Panel | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
|
|||||
| CVE-2017-6392 | 1 Kaltura | 1 Kaltura Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-1101 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662.
|
|||||
| CVE-2017-2171 | 1 Bestwebsoft | 51 Captcha, Car Rental, Contact Form and 48 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, F ...
Show More |
|||||
| CVE-2017-5673 | 1 Kunena | 1 Kunena | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5.
|
|||||
| CVE-2015-9230 | 1 Ait-pro | 1 Bulletproof Security | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.
|
|||||
| CVE-2017-17896 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Readymade Job Site Script has XSS via the keyword parameter to the /job URI.
|
|||||
| CVE-2017-4929 | 1 Vmware | 1 Nsx Edge | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.
|
|||||
| CVE-2017-9419 | 1 Webhammer | 1 Wp Custom Fields Search | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.
|
|||||
| CVE-2014-4925 | 2 Good, Google | 2 Good For Enterprise, Android | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.
|
|||||
| CVE-2015-6521 | 1 Atutor | 1 Atutor | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.
|
|||||